As everyone should know, you never trust the data that the client sends to your server. I threw together this simple Flask site for a simple demo of a server which blindly trusts the client when performing stock trades. The user view page uses JavaScript to make sure the user doesn't enter any invalid values for buy/sell numbers, but the server does no checks. Can you get $1,000,000 from it?
roglew/clientcontrolsdemo
A simple site for a class demo on why client-side controls aren't enough to protect a website
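
The server-side checks that the demo leaves out could look like the sketch below. This is an added example, not code from the repository: the form field names (`action`, `symbol`, `quantity`), the `Account` model, the price table and the order limit are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from decimal import Decimal

# Constructed sample data: the server's own price table (never taken from the request).
PRICES = {"ACME": Decimal("12.50"), "INIT": Decimal("3.00")}
MAX_SHARES_PER_ORDER = 10_000  # hypothetical policy limit


class TradeRejected(ValueError):
    """Raised when a request fails server-side validation."""


@dataclass
class Account:
    cash: Decimal
    holdings: dict = field(default_factory=dict)


def parse_quantity(raw):
    """Accept only a short ASCII digit string that is a whole number in range."""
    if not isinstance(raw, str) or len(raw) > 5 or not (raw.isascii() and raw.isdigit()):
        raise TradeRejected("quantity must be a whole number")
    qty = int(raw)
    if not 1 <= qty <= MAX_SHARES_PER_ORDER:
        raise TradeRejected("quantity out of range")
    return qty


def execute_trade(account, form):
    """Validate a submitted form (dict of strings) and apply it to the account."""
    action, symbol = form.get("action"), form.get("symbol")
    if action not in ("buy", "sell"):
        raise TradeRejected("unknown action")
    if symbol not in PRICES:
        raise TradeRejected("unknown symbol")
    qty = parse_quantity(form.get("quantity"))
    cost = PRICES[symbol] * qty  # price comes from server state, not from the client
    owned = account.holdings.get(symbol, 0)
    if action == "buy":
        if cost > account.cash:
            raise TradeRejected("insufficient funds")
        account.cash -= cost
        account.holdings[symbol] = owned + qty
    else:
        if qty > owned:
            raise TradeRejected("insufficient shares")
        account.cash += cost
        account.holdings[symbol] = owned - qty
    return account
```

Every check runs before any balance is modified, so a rejected request leaves the account unchanged regardless of what the page's JavaScript allowed or blocked.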