Konrad Pilch
2,435 Points
How to hack HTML in terms of violating the legal side of it? Or whatever that is.
How to hack HTML in terms of violating the legal side of it? Or whatever that is. - Learning purposes obviously.
2 Answers
Kevin Korte
28,149 Points
What do you mean? Can you expand more?
Jacob Mishkin
23,118 Points
This blog post will tell you how:
Konrad Pilch
2,435 Points
Well, for example, if you did the PHP track, the teacher showed us that if you change the value in the HTML, the price will be changed, and you can get the product for free. This kind of stuff.
Kevin Korte
28,149 Points
Got it - yeah, this is why you can never ever ever trust any data you receive from a user. In Rails, there is something called strong parameters. What this means is that when you accept a form submission, you have to set the parameters you expect, and anything included in the form submission outside of those parameters is ignored.
This can get really dangerous if, say, you're setting admin permissions for users using "admin = 0" for no admin rights and "admin = 1" for admin rights. Say you had a user signup that didn't give the user the option to get admin rights, but somebody modified the form to include admin = 1, and when the user is created in the database, they're unintentionally given admin rights. Bad news for you.
Never trust data.
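An added example (not from this thread or from Rails itself) showing both points above in plain Ruby: an allowlist filter in the spirit of strong parameters that drops a tampered `admin` field, and a checkout that ignores the price the form claimed and looks it up server-side instead. The hash names, catalogue and tampered submissions are constructed for the example.

```ruby
# Allowlist filter in the spirit of Rails strong parameters:
# keep only the keys the server expects and drop everything else.
def permit(params, allowed)
  params.select { |key, _| allowed.include?(key.to_s) }
end

# Constructed catalogue: the server, not the form, is the source of truth for prices.
CATALOG = { "widget" => 1999, "gadget" => 4999 }.freeze  # prices in cents

# Vulnerable: trusts every field the browser sent, including admin.
def create_user_insecure(form)
  { "name" => form["name"], "email" => form["email"], "admin" => form["admin"] || 0 }
end

# Hardened: only name and email may come from the form; admin is always set server-side.
def create_user_secure(form)
  permit(form, %w[name email]).merge("admin" => 0)
end

# Vulnerable: charges whatever price the HTML form claimed.
def order_total_insecure(form)
  form["price"].to_i * form["quantity"].to_i
end

# Hardened: looks the price up in the catalogue and rejects unknown items or bad quantities.
def order_total_secure(form)
  price = CATALOG.fetch(form["product"]) { raise ArgumentError, "unknown product" }
  quantity = form["quantity"].to_i
  raise ArgumentError, "bad quantity" unless quantity.positive?
  price * quantity
end

# Constructed submissions, as if someone edited the HTML before submitting the form.
TAMPERED_SIGNUP = { "name" => "mallory", "email" => "m@example.com", "admin" => 1 }.freeze
TAMPERED_ORDER  = { "product" => "gadget", "price" => "0", "quantity" => "3" }.freeze

if __FILE__ == $PROGRAM_NAME
  p create_user_insecure(TAMPERED_SIGNUP)  # admin => 1 slips through
  p create_user_secure(TAMPERED_SIGNUP)    # admin => 0
  p order_total_insecure(TAMPERED_ORDER)   # 0
  p order_total_secure(TAMPERED_ORDER)     # 14997
end
```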