03-23-2016, 03:36 PM
As already discussed in the PMs but mentioning here for others, the client side JS/jQ code is helpful, but shouldn't be relied upon because it is easily bypassed/disabled. There is other US code that protects the database from dangerous inputs so SQL based attacks should be pretty unlikely.
The server side validation for input sanity should be fairly solid (and can be expanded if needed). What appears to be the weakness is how that validation is called. So the intention of the code may be vulnerable, but the DB and server side code seems to be pretty safe.
As Mudmin said, these issues are important to be addressed, and none of us is too proud to accept constructive criticism.
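The distinction drawn above, between a validator that is itself sound and the risk of it not being invoked on every path, as an added illustration that is not code from this thread or from the project being discussed (the validator, table and input strings are all constructed for the example):

```python
import re
import sqlite3

# Constructed example. The server-side check is what actually protects the
# data; a client-side JS/jQuery check is advisory because it can be disabled.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")

def validate_username(value: str) -> bool:
    """Server-side sanity check for a username field."""
    return USERNAME_RE.fullmatch(value) is not None

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)")
    return db

# Weak wiring: the query is parameterised, so the database itself is safe from
# injection, but the validator sits beside the write and a caller can forget it.
def register_weak(db: sqlite3.Connection, username: str) -> None:
    db.execute("INSERT INTO users (username) VALUES (?)", (username,))

# Hardened wiring: the write path enforces validation itself, so a handler that
# skips the check cannot get unvalidated data into the table.
class UserStore:
    def __init__(self, db: sqlite3.Connection) -> None:
        self.db = db

    def register(self, username: str) -> int:
        if not validate_username(username):
            raise ValueError("invalid username")
        cur = self.db.execute("INSERT INTO users (username) VALUES (?)", (username,))
        return cur.lastrowid

def rejects(store: UserStore, username: str) -> bool:
    """True if the hardened store refuses the value."""
    try:
        store.register(username)
        return False
    except ValueError:
        return True

def usernames(db: sqlite3.Connection) -> list:
    return [row[0] for row in db.execute("SELECT username FROM users ORDER BY id")]

if __name__ == "__main__":
    bypassed = "x' OR 1=1 --"          # constructed: what a form sends once the JS check is off
    weak = make_db()
    register_weak(weak, bypassed)      # stored verbatim: the validator never ran
    store = UserStore(make_db())
    store.register("alice_01")
    print(usernames(weak), usernames(store.db), rejects(store, bypassed))
```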