wood burning stoves*
The moose likes Struts and the fly likes is server side validation is necessary always? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "is server side validation is necessary always?" Watch "is server side validation is necessary always?" New topic
Author

is server side validation is necessary always?

manas ranjan mandal
Ranch Hand

Joined: Apr 02, 2008
Posts: 97
I want to know that can we do server side validation in real time project? what is the merit and demerit of using server side validation using validation framework in real time project? we can validating data using javascript also.then why we use server side validation?don't it take too much network roundtrip?
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2491
    
    8

we can validating data using javascript also.then why we use server side validation?
I can turn of javascript, and bypass your validation. If you don't validate at server side, my invalid value will get into your system.

Regards, Jan


OCUP UML fundamental and ITIL foundation
youtube channel
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60752
    
  65

I can also copy your form, change it to whatever I like, and submit it to your server with whatever data I like.

Not only do you have to do server-side validation, you have to carefully guard against attacks such as script and SQL injection.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
manas ranjan mandal
Ranch Hand

Joined: Apr 02, 2008
Posts: 97
as you said we can validate using server side validation but we can validate the user form using java script also.each time for validating user input if the request will go to server then it may increase network traffic.
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
Just to make it clear: There's nothing at all wrong with doing client-side validation. You're right about the fact that it does save server round-trips. What I believe the previous posters are trying to tell you is that you can't rely on client-side validation only
. You must do the validation again on the server-side as an added precaution.


Merrill
Consultant, Sima Solutions
manas ranjan mandal
Ranch Hand

Joined: Apr 02, 2008
Posts: 97
as you mentioned for avoiding SQL injection its better to do server side validation.so can you tell me what is SQL injection ?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60752
    
  65



SQL Injection
manas ranjan mandal
Ranch Hand

Joined: Apr 02, 2008
Posts: 97
thanks for clearing my doubt.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: is server side validation is necessary always?
 
Similar Threads
client side validation vs server side validation
Struts 1.2 - Client and Server-side validations
Mr. Neil Ford: What are the shortcomings of Struts?
DynaValidatorForm
date validation