Check out this page from the New York Times:
http://homedelivery.nytimes.com/HDS/learnMorePopUp.do
?mode=common.learnMorePopUp
&productId=NDS
&prodRate=7.40
I was surprised to see that when I manually modified the prodRate
parameter, the page updated:
- The introductory subscription rate.
- The regular subscription rate.
Try it for yourself! Now, I haven't done much web development, but I know this probably shouldn't happen. So I'm wondering:
- What kind of implementation would cause this behaviour?
- How would you modify the page to hide such sensitive parameters from the end user?