Meaningless Drivel is fun!*
The moose likes Servlets and the fly likes Client Side vs. Server Side Validation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Client Side vs. Server Side Validation" Watch "Client Side vs. Server Side Validation" New topic
Author

Client Side vs. Server Side Validation

Gabe Newell
Greenhorn

Joined: Dec 07, 2004
Posts: 19
I have a lecturer at my Uni that is taking us for 'E-Commerce'. This lecture is teaching us to validate data on the client side using java-script. I want to raise that validation should be done on the server side so we shouldn't be learning this as java-script can de-enabled and 10% browsers dont have java-script enabled (W3C, 2005).

Is there any other reasons that she be teaching us client side validation using java-script? I want a strong case to backup my claim.
James Carman
Ranch Hand

Joined: Feb 20, 2001
Posts: 580
Client-side validation is nice so that you don't bog down your server with invalid requests, but ultimately the server should make sure everything is on the up and up when the request comes in. As you said, the javascript can be disabled on the browser, so you shouldn't rely on that only.


James Carman, President<br />Carman Consulting, Inc.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

There have been a few discussions on this lately. I can't remember whether they were in the JSP or Servlets forum. Search both.

The bottom line is this:
If it absolutely, positively must be validated, do it on the server.

Some other arguments:
People can turn off Javascript.
Uncaught JS exceptions will stop all JS (which often leads to the form being submitted without validation.)

Client side validation can cut down on network traffic and make for a better user experience so it makes for a nice addition to server side validation.

If it absolutely, positively must be validated, do it on the server.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15300
    
    6

There is really no discussion to be had. Ben pretty much said this but in a lot more words than I am going to and all those other discussions basically led to the same conclusion.

Do Both


GenRocket - Experts at Building Test Data
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61756
    
  67

If your lecturer insists that server-side validation is not necessary, I would be very leery of anything else that is said.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Mark Vedder
Ranch Hand

Joined: Dec 17, 2003
Posts: 624

Most importantly, not doing server side validation is a security risk. Not only can client side validation be turned off, it can be spoofed. I can simply write an HTML page that posts to the server with invalid data; or more importantly malicious data, but with any "isValid" flag set to true. Like Gregg says, do Both.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Client Side vs. Server Side Validation