[thelist] Client-side or Server-side Form Validation?
Ken Schaefer
ken at adOpenStatic.com
Tue Oct 12 17:39:44 CDT 2004
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Rob Smith" <rob.smith at THERMON.com>
Subject: [thelist] Client-side or Server-side Form Validation?
: Which do you prefer? Client-side or Server-side
: form validation? All languages/platforms are up for
: grabs here. This is general web development
: preference.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Client-side script is for the benefit of the user only. You need server-side
validation of all input for the purposes of protecting your app. There is no
way you can validate anything by running code on a machine that is
completely controlled by the attacker. Because the attacker controls their
machine, they can do anything they want and as a consequence anything that
comes from that machine needs to be treated as untrusted until you validate
it server-side.
Cheers
Ken
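
As an added example that is not part of the original message, here is one way to do the server-side check described above: every field of an urlencoded POST body is re-validated against an allow-list, whatever the browser form did or did not check. The signup form, its field names and its limits are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qs

# Hypothetical signup form: field names and limits are assumptions.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")
PLANS = {"free": 0, "pro": 20}  # price is looked up server-side, never read from the client
MAX_BODY = 4096
# Constructed sample bodies: what the browser form sends, and a hand-built
# POST that ignores the form's maxlength, <select> options and hidden price.
FROM_FORM = b"username=alice_01&age=34&plan=pro"
HAND_BUILT = b"username=%3Cb%3Ex&age=-1&plan=gold&price=0"

def validate_signup(raw_body: bytes):
    """Return (cleaned, errors); cleaned is empty unless every field passed."""
    errors, cleaned = {}, {}
    if len(raw_body) > MAX_BODY:
        return cleaned, {"_body": "request too large"}
    try:
        fields = parse_qs(raw_body.decode("utf-8"), keep_blank_values=True,
                          strict_parsing=True)
    except (UnicodeDecodeError, ValueError):
        return cleaned, {"_body": "malformed form data"}

    def single(name):
        # Reject missing and repeated parameters instead of picking one.
        values = fields.get(name, [])
        if len(values) != 1:
            errors[name] = "expected exactly one value"
            return None
        return values[0]

    username = single("username")
    if username is not None:
        if USERNAME_RE.fullmatch(username):
            cleaned["username"] = username
        else:
            errors["username"] = "3-20 letters, digits or underscore"
    age = single("age")
    if age is not None:
        if age.isascii() and age.isdigit() and len(age) <= 3 and 13 <= int(age) <= 120:
            cleaned["age"] = int(age)
        else:
            errors["age"] = "whole number from 13 to 120"
    plan = single("plan")
    if plan is not None:
        if plan in PLANS:
            cleaned["plan"], cleaned["price"] = plan, PLANS[plan]
        else:
            errors["plan"] = "unknown plan"
    return ({} if errors else cleaned), errors
```

Fields outside the allow-list, such as the client-supplied price in the second sample, are never copied into the cleaned result.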