File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Validation on the server side vs client Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Validation on the server side vs client" Watch "Validation on the server side vs client" New topic

Validation on the server side vs client

Giuseppe Albatrino

Joined: Sep 12, 2003
Posts: 3
I would like to know your opinion about this subject, because a lot of people I know says the validation always must to be in the client side even when you are using struts.
Maybe is better this way so you don't have to use the network to validate that the user are filling, for example, the email field wrong.
thanks for your comments
[ January 09, 2004: Message edited by: Giuseppe Albatrino ]
Guiqiang Zhang

Joined: Jan 10, 2004
Posts: 6
I think:
both will be used when in any proper time.
if the validation can be done in the client side and there is no critical data you don't want user to see, like form field format validation
... you can use client validation,but when the validation refer to some important data ,you should do validation in the server side.
This is my personal opinion!@

I help you , You help me!!
Carleton Harrison

Joined: Jan 11, 2004
Posts: 14
Hello !
Here are some thoughts...
1) If you validate the form field entries on the client side using Javascript in the browser, then you can be assured that you can simply do an INSERT/UPDATE to your database without any further work, because you can trust the data being posted...
2) Or can you? What if the user did a "view source" on the web page in their browser, and saved it to their local hard drive. Then they removed all your client side validation and tried to post/upload some nefarious "data" (aka trying to hack your site)?
3) If you are concerned about (#2), then that would mean you should ** never ** rely on client-side data validation. This means that you never have to waste your time trying to write tons of client-side Javascript, and you can ** always ** rely on ** reliable ** server-side validation.
4) Now, the only drawback is that you have to continue to have a "conversation" with the client until the user "gets the data right". This is simply am inconvenience/time waste to the user (but they should have typed the correct data in the first place, according to the directions, right?).
5) The other thing to consider is: is your app an INTRANET/CORPORATE website/app, so that you can tend to trust your users to not "hack you" (lean towards client-side Javascript), or is it a GLOBAL/INTERNET site... where you would be wise to not trust anyody (lean toward using server-side validation)?
Those were some initial thoughts...
HTH !!
[ January 11, 2004: Message edited by: Carleton Harrison ]
I agree. Here's the link:
subject: Validation on the server side vs client
It's not a secret anymore!