• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Server Side validation - what kind of work flow have to follow?

 
Ranch Hand
Posts: 35
Google Web Toolkit PHP Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I created a form in a jsp page. For both Adding the data and editing the data i'm using the same form. When ever user enters the data and submit. first javascript validation will work in the client side. Now i have to implement the server side validation. What kind of flow is easy and secured and best performance giving? Whether i can do the validation in the same JSP page OR i can write a servlet to manage the validation?? Or which one is best?? Please suggest me!!
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You should never submit a form to JSP page or perform any kind of data processing inside a JSP -- that's what servlets are for.

What I generally do is to validate the data at the most appropriate level. Sometimes, that's in the controller, but often it's deeper within the model. In either case, any problems are gathered up and if there are validation failures, I redirect back to the JSP with the form, passing the validation problems so that the JSP (and/or any script on the page) can display them to the user for fixup.
 
Ranch Hand
Posts: 329
Eclipse IDE Oracle Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

What kind of flow is easy and secured and best performance giving?


isn't it? For web applications, we have to compromise on something or the other..

Interesting to know the context of validation over here. To me I would consider 2 different scenarios
1. Server side validation of Input data (for vulnerabilities or malicious input)
2. Business level validations (what the business requires)

For business validations I would prefer layer in business components to do it but for input validation (for security) I would have it in controller or a separate layer itself (after controller) which would make it easier to un-plug the same easily if we feel it is trash.

Any contradictions to change my perspective or make me think over again are highly appreciated
 
reply
    Bookmark Topic Watch Topic
  • New Topic