Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

[Solved] Tradeoff between JavaScript Validation and Other Framework's Validation

 
Vikas Kapoor
Ranch Hand
Posts: 1374
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am developing a website and right now i am working on login and registration module.I am using spring framework. It has its own validation framework.But i want to use javascript validation. I have following argue to boost my point.

1) Using Spring Valiadtion means server side validation i.e. trip to server. Using JavaScript validation means Client Side validation.i.e. NO trip to server.Hence it improves the performance.

Now, we can think that if somebody disable the browser's Javascript then what,
1) During page rendering we can check if the Javascript is enabled or not . OR
2) We can implement form submission using Javascript only. So if it is disabled, user won't be able to submit the page.

Yes,for above two optoins we can ask the user to enable the JavaScript option and user should be aware of that.If not,user may leave your site PERMANENTLY. So this goes against JavaScript.

So I am confused about this. Which option should I choose?
[ December 06, 2008: Message edited by: Vishal Pandya ]
 
Gregg Bolinger
GenRocket Founder
Ranch Hand
Posts: 15302
6
Chrome IntelliJ IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should ALWAYS ALWAYS ALWAYS do server side validation. NO MATTER WHAT make sure the data that gets sent to the server is what you expect. Client side validation is nice for those that have javascript enabled but it should never be one or the other.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64967
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Gregg Bolinger:
You should ALWAYS ALWAYS ALWAYS do server side validation.

Just to make sure this doesn't get missed, I'll repeat it a few times:

You should ALWAYS ALWAYS ALWAYS do server side validation.

You should ALWAYS ALWAYS ALWAYS do server side validation.

You should ALWAYS ALWAYS ALWAYS do server side validation.

You should ALWAYS ALWAYS ALWAYS do server side validation.

You should ALWAYS ALWAYS ALWAYS do server side validation.

You should ALWAYS ALWAYS ALWAYS do server side validation.

You should ALWAYS ALWAYS ALWAYS do server side validation.

You should ALWAYS ALWAYS ALWAYS do server side validation.

You should ALWAYS ALWAYS ALWAYS do server side validation.

You should ALWAYS ALWAYS ALWAYS do server side validation.

You should ALWAYS ALWAYS ALWAYS do server side validation.

[ December 06, 2008: Message edited by: Bear Bibeault ]
 
Vikas Kapoor
Ranch Hand
Posts: 1374
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oh! it seems you both are totally devoted and convinced to use server side validation but just to convince myself, I repeat we must use server side validation because browser's JavaScript may be disabled.
Am I Right?
[ December 06, 2008: Message edited by: Vishal Pandya ]
 
Gregg Bolinger
GenRocket Founder
Ranch Hand
Posts: 15302
6
Chrome IntelliJ IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Vishal Pandya:
Oh! it seems you both are totally devoted and convinced to use server side validation but just to convince myself, I repeat we must use server side validation because browser's JavaScript may be disabled.
Am I Right?

[ December 06, 2008: Message edited by: Vishal Pandya ]


Yes PLUS the fact that client side code can be spoofed, hacked, compromised. Never trust data coming from the client no matter what. JavaScript validation is a nice feature, but that is it.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic