[thelist] Javascript Security Risk was (Stopping a user submitting a form f rom the address bar using JS.)
RUST Randal
RRust at COVANSYS.com
Fri Dec 13 07:59:01 CST 2002
Lachlan Cannon said:
> Besides, you should be doing server side checking
> anyway, if not you have a huge security risk on your hand.
Why is it a /huge/ risk? I'm asking because I'm not that well-informed on
security issues, and I'm currently involved in a debate with some developers
on this issue. They think that client-side validation is enough, and would
rather skip the server-side validation.
I disagree with them and want all validation done first on the server-side,
then we can add client-side validation.
Randal
More information about the thelist
mailing list