where the username and password values will be stored ?

Hi friends,
Usually we do validate the client's data by comparing the DB values.

But while we do the client side validations where these values will be validated ?

Thanks!!

What kind of validation is this that needs DB data?

if validation is client side, than how it will need db values???

You can't validate username/password on the client.

You can't validate username/password on the client.

ahhh ya..
thanks for correcting..

But you can use AJAX to do so. I've written one site where the entire login is AJAX based. Instead of the entire page submitting, an AJAX request is made with the username and password. The AJAX response includes the XML needed to rebuild the user interface for the now logged in user.

Tim Moores wrote:What kind of validation is this that needs DB data?

Let us say the username and password values from DB.
In this case if i want to do the client side validation by using java script then how those values will be compared with the DB values ?

Punit Jain wrote:if validation is client side, than how it will need db values???

Yes. you are right. But how do we get the user name and password values to compare with client data ? while we do client side validation ?

If the username and password are retrieved from the DB then they must be present in the page somewhere like hidden form fields.
But no matter where they are present, its a really bad idea to do the validation on client side.
Just seeing the source of the page will reveal the username and password with the validation logic, making the login process almost useless.

Hope this helps

janardhan venkatrao wrote:Yes. you are right. But how do we get the user name and password values to compare with client data ? while we do client side validation ?

In the same sentence you agree that you can't do client-side validation, yet ask how to do it?

Tim Moores wrote:

janardhan venkatrao wrote:Yes. you are right. But how do we get the user name and password values to compare with client data ? while we do client side validation ?

In the same sentence you agree that you can't do client-side validation, yet ask how to do it?

I didn't mean that.
And do you suggesting that we can't do client side validations at all.

Coming to the point : Let's say that i need to check the username : xyz and password : 1234 with java script by client side validation.
then how to do it.

janardhan venkatrao wrote:And do you suggesting that we can't do client side validations at all.

No one said that. What was said is that authentication validation can't be done on the client side.

(But while non-authentication validations can occur on the client, they must be repeated on the server. You can't trust the client.)

Coming to the point : Let's say that i need to check the username : xyz and password : 1234 with java script by client side validation.

then how to do it.

For the last time: you don't! What would be the point of having a username and password if they were available on the client? Anyone could look at the source of the page and see the expected password.

Bottom line: authentication must occur on the server.

Bear Bibeault wrote:

janardhan venkatrao wrote:And do you suggesting that we can't do client side validations at all.

No one said that. What was said is that authentication validation can't be done on the client side.

(But while non-authentication validations can occur on the client, they must be repeated on the server. You can't trust the client.)

Coming to the point : Let's say that i need to check the username : xyz and password : 1234 with java script by client side validation.

then how to do it.

For the last time: you don't! What would be the point of having a username and password if they were available on the client? Anyone could look at the source of the page and see the expected password.

Bottom line: authentication must occur on the server.

Thanks Brother! I really got what i need!