
Client Side vs. Server Side Validation

 
Gabe Newell
I have a lecturer at my Uni that is taking us for 'E-Commerce'. This lecturer is teaching us to validate data on the client side using JavaScript. I want to raise that validation should be done on the server side, so we shouldn't be learning this, as JavaScript can be disabled and 10% of browsers don't have JavaScript enabled (W3C, 2005).

Are there any other reasons that she should be teaching us client-side validation using JavaScript? I want a strong case to back up my claim.
 
James Carman
Client-side validation is nice so that you don't bog down your server with invalid requests, but ultimately the server should make sure everything is on the up and up when the request comes in. As you said, JavaScript can be disabled in the browser, so you shouldn't rely on that only.
 
Ben Souther
There have been a few discussions on this lately. I can't remember whether they were in the JSP or Servlets forum. Search both.

The bottom line is this:
If it absolutely, positively must be validated, do it on the server.

Some other arguments:
People can turn off JavaScript.
Uncaught JS exceptions will stop all JS (which often leads to the form being submitted without validation.)

Client side validation can cut down on network traffic and make for a better user experience so it makes for a nice addition to server side validation.

If it absolutely, positively must be validated, do it on the server.
 
Gregg Bolinger
There is really no discussion to be had. Ben pretty much said this but in a lot more words than I am going to and all those other discussions basically led to the same conclusion.

Do Both
 
Bear Bibeault
If your lecturer insists that server-side validation is not necessary, I would be very leery of anything else that is said.
 
Mark Vedder
Most importantly, not doing server side validation is a security risk. Not only can client side validation be turned off, it can be spoofed. I can simply write an HTML page that posts to the server with invalid data; or more importantly malicious data, but with any "isValid" flag set to true. Like Gregg says, do Both.
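
Added example, not part of the original thread: a minimal Java sketch of the server-side re-check the posts above argue for, written against a plain parameter map so it runs without a servlet container. The form fields `email` and `quantity`, the quantity limit and the class name are assumptions; the client-sent `isValid` flag mentioned in the last post is never consulted.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/** Server-side re-validation of a submitted order form (field names are hypothetical). */
public class OrderFormValidator {
    private static final Pattern EMAIL = Pattern.compile("^[^@\\s]{1,64}@[^@\\s]{1,255}$");
    private static final int MAX_QUANTITY = 100;

    /** Returns the list of validation errors; an empty list means the input is acceptable. */
    public static List<String> validate(Map<String, String> params) {
        List<String> errors = new ArrayList<>();
        // The client-supplied "isValid" parameter is deliberately never read:
        // whoever builds the request controls it, so it carries no information.
        String email = params.get("email");
        if (email == null || !EMAIL.matcher(email).matches()) {
            errors.add("email: missing or malformed");
        }
        String quantity = params.get("quantity");
        try {
            int q = Integer.parseInt(quantity == null ? "" : quantity.trim());
            if (q < 1 || q > MAX_QUANTITY) {
                errors.add("quantity: must be between 1 and " + MAX_QUANTITY);
            }
        } catch (NumberFormatException e) {
            errors.add("quantity: not a whole number");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample requests, as the server would see them after parsing.
        Map<String, String> fromBrowser = new LinkedHashMap<>();
        fromBrowser.put("email", "student@example.edu");
        fromBrowser.put("quantity", "2");
        fromBrowser.put("isValid", "true");

        Map<String, String> handCrafted = new LinkedHashMap<>();
        handCrafted.put("email", "not-an-address");
        handCrafted.put("quantity", "-5");
        handCrafted.put("isValid", "true"); // flag says "fine", data says otherwise

        System.out.println("browser form: " + validate(fromBrowser));
        System.out.println("hand-crafted: " + validate(handCrafted));
    }
}
```

In a servlet the same method would be called with the values from `request.getParameter(...)` before any business logic runs, and a non-empty error list would send the form back to the user.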
 