Weird Thoughts From Eric's Head


An old but good Bill Joke

One night, a Delta twin-engine puddle jumper was flying somewhere above New Jersey. There were five people on board: the pilot, Michael Jordan, Bill Gates, the Dalai Lama, and a hippie. Suddenly, an illegal oxygen generator exploded loudly in the luggage compartment, and the passenger cabin began to fill with smoke. The cockpit door opened, and the pilot burst into the compartment.

"Gentlemen," he began, "I have good news and bad news. The bad news is that we're about to crash in New Jersey. The good news is that there are four parachutes, and I have one of them!" With that, the pilot threw open the door and jumped from the plane.

Michael Jordan was on his feet in a flash. "Gentlemen," he said, "I am the world's greatest athlete. The world needs great athletes. I think the world's greatest athlete should have a parachute!" With these words, he grabbed one of the remaining parachutes, and hurtled through the door and into the night.

Bill Gates rose and said, "Gentlemen, I am the world's smartest man. The world needs smart men. I think the world's smartest man should have a parachute, too." He grabbed one, and out he jumped.

The Dalai Lama and the hippie looked at one another. Finally, the Dalai Lama spoke. "My son," he said, "I have lived a satisfying life and have known the bliss of True Enlightenment. You have your life ahead of you; you take a parachute, and I will go down with the plane."

The hippie smiled slowly and said, "Hey, don't worry, pop. The world's smartest man just jumped out wearing my backpack."

Hacking with the browser: Form Submissions

This is a rather simple hack I have seen people use, and I have done it to show holes in people’s code that they thought was secure. I have posted high scores on games by just looking at the source code of the page and seeing where information is being sent.

Almost every web page out there that collects data uses form submissions. The data in the form is processed on the server side when the form is submitted. Now I have blogged about how people can use JavaScript to get around form validation, but there is an easier way. A person can copy all of the fields in a form and make a page on their own web space. They can then submit the form from their web space to yours by pointing the action attribute to your server.

Now the person does not have to worry about any of the validation that takes place on your page. This is another reason why it is important to validate on the server side. But you want to know how to protect yourself from this type of attack. The best way is to check where the form has been submitted from. If the form did not come from the place you know it should originate from, then error it out and do not process it. It is that simple.

Eric Pascarello HTML/JavaScript moderator at JavaRanch.com
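
An added example (not code from the original post) of the two server-side checks the post describes, for a hypothetical high-score form: it compares the origin the request claims against the expected one, then re-validates every field. The origin `https://games.example.com`, the field names `player` and `score`, and the score limit are assumptions.

```javascript
// Added example: server-side checks for a hypothetical high-score form.
// ALLOWED_ORIGIN, the field names and MAX_SCORE are assumptions.
const ALLOWED_ORIGIN = "https://games.example.com";
const MAX_SCORE = 100000;

// Return the origin (scheme://host[:port]) the request claims to come from,
// preferring Origin and falling back to Referer; null if absent or malformed.
function claimedOrigin(headers) {
  const raw = headers["origin"] || headers["referer"];
  if (!raw) return null;
  try {
    return new URL(raw).origin;
  } catch (err) {
    return null; // e.g. the literal "null" some browsers send as Origin
  }
}

// headers: lower-cased request header map.
// fields: decoded form fields, all strings exactly as the client sent them.
function checkSubmission(headers, fields) {
  // 1. Where was the form submitted from? Compare the whole origin, so a
  //    look-alike such as games.example.com.other.example cannot pass.
  if (claimedOrigin(headers) !== ALLOWED_ORIGIN) {
    return { ok: false, status: 403, reason: "unexpected origin" };
  }
  // 2. Validate on the server regardless of step 1. Origin and Referer are
  //    supplied by the client, and the page's own JavaScript validation
  //    never ran if the form was copied elsewhere.
  const player = String(fields.player || "").trim();
  if (!/^[A-Za-z0-9_ ]{1,20}$/.test(player)) {
    return { ok: false, status: 400, reason: "invalid player name" };
  }
  const rawScore = String(fields.score);
  if (!/^\d{1,6}$/.test(rawScore) || Number(rawScore) > MAX_SCORE) {
    return { ok: false, status: 400, reason: "invalid score" };
  }
  return { ok: true, status: 200, player, score: Number(rawScore) };
}
```
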