[thelist] Validating data (was: targeting effectively)

Madhu Menon webguru at vsnl.net
Mon Mar 25 08:00:00 CST 2002


What a wonderful debate. I was hesitant to jump in, but then I saw this.

At 02:55 PM 3/25/2002, Dave wrote:

>Basically, by .jeff and aardvark deciding to take the onus off of the client
>using JavaScript (and the "moral" high ground), they have punished the rest of
>the viewers by increasing server strain, increasing server bandwidth (lots
>more faulty messages), and requiring a user on a slower connection to have
>to contact the server and wait to get a reply telling the user that they
>forgot a form field.

Actually, people who've been building web apps for a while make it a
standard security practice NOT to rely on client-side JavaScript validation
alone. You must *always* back it up with server-side validation of the
data. Otherwise, you could end up putting junk into your database, not to
mention open up security holes. It's all too easy to disable JavaScript.

<tip>

You know why many site owners don't know when there's something seriously
wrong with their sites?

Because most people who can't find what they're looking for or have trouble
using the site just leave. They never write and tell you about it.

</tip>

Regards,

Madhu

<<<   *   >>>
Madhu Menon
User Experience Consultant
e-mail: webguru at vsnl.net
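
The server-side check described in the message above, as an added example that is not part of the original post: a JavaScript (Node.js) validator that enforces every rule on the server, whatever the browser did or did not check. The form fields, limits and patterns in `RULES` are assumptions made for illustration.

```javascript
// Constructed rules for a hypothetical contact form (field names, limits and
// patterns are assumptions, not taken from the thread).
const RULES = {
  name:    { required: true,  max: 80,   pattern: /^[\p{L}\p{M} .'-]+$/u },
  email:   { required: true,  max: 254,  pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  comment: { required: false, max: 2000, pattern: /^[^\u0000-\u0008\u000B\u000C\u000E-\u001F]*$/ },
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// `body` is the parsed submission exactly as received. It may come from a
// browser with JavaScript disabled or from a hand-built HTTP request, so every
// rule is enforced here even if the page also checks it client-side.
function validateSubmission(body) {
  // Null-prototype objects: any field name, even "__proto__", is a safe key.
  const errors = Object.create(null);
  const clean = Object.create(null);
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    errors._form = 'malformed submission';
    return { ok: false, errors, clean };
  }
  // Reject fields the form never had instead of passing them downstream.
  for (const key of Object.keys(body)) {
    if (!has(RULES, key)) errors[key] = 'unexpected field';
  }
  for (const [field, rule] of Object.entries(RULES)) {
    const raw = has(body, field) ? body[field] : '';
    // Repeated parameters often parse to arrays; accept one string only.
    if (typeof raw !== 'string') {
      errors[field] = 'must be a single text value';
      continue;
    }
    const value = raw.trim();
    if (value === '') {
      if (rule.required) errors[field] = 'required';
    } else if (value.length > rule.max) {
      errors[field] = `longer than ${rule.max} characters`;
    } else if (!rule.pattern.test(value)) {
      errors[field] = 'invalid format';
    } else {
      clean[field] = value;
    }
  }
  // Only hand validated values to the database layer, and only if all passed.
  const ok = Object.keys(errors).length === 0;
  return { ok, errors, clean: ok ? clean : Object.create(null) };
}
```

The client-side check can stay for quick feedback on slow connections; this function is what decides whether the data is stored.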



