• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Validation on the server side vs client

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would like to know your opinion about this subject, because a lot of people I know says the validation always must to be in the client side even when you are using struts.
Maybe is better this way so you don't have to use the network to validate that the user are filling, for example, the email field wrong.
thanks for your comments
[ January 09, 2004: Message edited by: Giuseppe Albatrino ]
 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think:
both will be used when in any proper time.
if the validation can be done in the client side and there is no critical data you don't want user to see, like form field format validation
... you can use client validation,but when the validation refer to some important data ,you should do validation in the server side.
This is my personal opinion!@
 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello !
Here are some thoughts...
1) If you validate the form field entries on the client side using Javascript in the browser, then you can be assured that you can simply do an INSERT/UPDATE to your database without any further work, because you can trust the data being posted...
2) Or can you? What if the user did a "view source" on the web page in their browser, and saved it to their local hard drive. Then they removed all your client side validation and tried to post/upload some nefarious "data" (aka trying to hack your site)?
3) If you are concerned about (#2), then that would mean you should ** never ** rely on client-side data validation. This means that you never have to waste your time trying to write tons of client-side Javascript, and you can ** always ** rely on ** reliable ** server-side validation.
4) Now, the only drawback is that you have to continue to have a "conversation" with the client until the user "gets the data right". This is simply am inconvenience/time waste to the user (but they should have typed the correct data in the first place, according to the directions, right?).
5) The other thing to consider is: is your app an INTRANET/CORPORATE website/app, so that you can tend to trust your users to not "hack you" (lean towards client-side Javascript), or is it a GLOBAL/INTERNET site... where you would be wise to not trust anyody (lean toward using server-side validation)?
Those were some initial thoughts...
HTH !!
CH
[ January 11, 2004: Message edited by: Carleton Harrison ]
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic