rash - 6:11 pm on Nov 22, 2009 (gmt 0)

These tools have been there since long. Even if these addons are stopped by firefox, many like paros, burp, etc. would continue to live. Only way out of this is to write good "server-side" code and not rely entirely upon client side data, yes this may increase processing but would help in the long run. Some tips for anyone interested:

-> Always check for all form fields for minimum/maximum lengths, referrer information and server side session data if required.
-> Try avoiding storing important information in client side cookies. Client side cookies are only important for not-so-important data.
-> Always escape quotes in your sql queries, also add a semi-colon (;) when creating queries.
-> Always escape data that will be presented as-is on different pages, for instance a news data item or an article posted by your user might consist of certain tags like iframes, <script> tags, etc. So its always good to escape them before retrieving the code from database and showing as-is.

Hope that helps! Be secure.