[thelist] Javascript Security Risk was (Stopping a user submitting a form f rom the address bar using JS.)

Lachlan Cannon luminosity at members.evolt.org
Fri Dec 13 08:21:01 CST 2002

RUST Randal wrote:
> Lachlan Cannon said:
>>Besides, you should be doing server side checking
>>anyway, if not you have a huge security risk on your hand.
> Why is it a /huge/ risk?  I'm asking because I'm not that well-informed on
> security issues, and I'm currently involved in a debate with some developers
> on this issue.  They think that client-side validation is enough, and would
> rather skip the server-side validation.
> I disagree with them and want all validation done first on the server-side,
> then we can add client-side validation.

Well, if you're using a database and you don't check properly you can
wave goodbye to everything in your database as soon as someone realises
what they can do. If it's something temporary that doesn't involve
anything else there's no real dangers as such, but anything involving
the fiel system or a database MUST be validated server side, lest all
your data be eaten.

Plus if you only do it client side as soon as someone finds out, you'll
be a laughing stock.
Web: http://illuminosity.net/
E-mail: lach @ illuminosity.net
MSN: luminosity @ members.evolt.org

More information about the thelist mailing list