[thelist] Javascript Security Risk was (Stopping a user submitting a form f rom the address bar using JS.)

RUST Randal RRust at COVANSYS.com
Fri Dec 13 07:59:01 CST 2002


Lachlan Cannon said:

> Besides, you should be doing server side checking
> anyway, if not you have a huge security risk on your hand.

Why is it a /huge/ risk?  I'm asking because I'm not that well-informed on
security issues, and I'm currently involved in a debate with some developers
on this issue.  They think that client-side validation is enough, and would
rather skip the server-side validation.

I disagree with them and want all validation done first on the server-side,
then we can add client-side validation.

Randal



More information about the thelist mailing list