[thelist] Server vs. Client Validation

aardvark roselli at earthlink.net
Thu Dec 5 14:10:01 CST 2002

> From: Paul Cohen <rabbic at yahoo.com>
> Does anyone have any thoughts on the cost/benefits of server side
> field validation vs. running it on the client side?
> Should both be done for security?

for security, you should always do server-side... after all, what good
is form validation in JS if the user can get past it by disabling JS?
or creating a static page and posting from that?

but *adding* client-side validation can be a major usability boon... it
has to work well, though... throwing errors, taking too long to work,
not firing at appropriate times, etc., can all impede usability and
obviously have an affect opposite of that intended...

my rule of thumb -- build the app to work on the server... after it's
been tested and runs correctly, *then* add the client-side validation
into play...

Read the evolt.org case study
Usability: The Site Speaks for Itself
ISBN: 1904151035

More information about the thelist mailing list