File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

is server side validation is necessary always?

 
manas ranjan mandal
Ranch Hand
Posts: 97
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to know that can we do server side validation in real time project? what is the merit and demerit of using server side validation using validation framework in real time project? we can validating data using javascript also.then why we use server side validation?don't it take too much network roundtrip?
 
Jan Cumps
Bartender
Posts: 2577
11
C++ Linux Netbeans IDE
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
we can validating data using javascript also.then why we use server side validation?
I can turn of javascript, and bypass your validation. If you don't validate at server side, my invalid value will get into your system.

Regards, Jan
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64188
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can also copy your form, change it to whatever I like, and submit it to your server with whatever data I like.

Not only do you have to do server-side validation, you have to carefully guard against attacks such as script and SQL injection.
 
manas ranjan mandal
Ranch Hand
Posts: 97
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
as you said we can validate using server side validation but we can validate the user form using java script also.each time for validating user input if the request will go to server then it may increase network traffic.
 
Merrill Higginson
Ranch Hand
Posts: 4864
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just to make it clear: There's nothing at all wrong with doing client-side validation. You're right about the fact that it does save server round-trips. What I believe the previous posters are trying to tell you is that you can't rely on client-side validation only
. You must do the validation again on the server-side as an added precaution.
 
manas ranjan mandal
Ranch Hand
Posts: 97
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
as you mentioned for avoiding SQL injection its better to do server side validation.so can you tell me what is SQL injection ?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64188
83
IntelliJ IDE Java jQuery Mac Mac OS X
 
manas ranjan mandal
Ranch Hand
Posts: 97
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for clearing my doubt.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic