You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Roberto Amorim <ro...@edsonqueiroz.com.br> on 2003/04/16 14:17:26 UTC
Re: Why validate on the server side and not on the client side us
ing JavaScript???? help
IMHO you can include some validation in client side to increase
performance, some validations like not null attributes are easily
detected in client side and you wouldn't need submit a page to check
these problems. But, you should repeat that validations in server side too.
Regards
Roberto
Trieu, Danny wrote:
> I guess what I need is a list of all the convincing fact to make suggestion
> to my peers to do validation on the server side and not the on the client
> side, and not even on both the server and the client side.
>
> Thanks,
>
> danny
>
> -----Original Message-----
> From: David Graham [mailto:dgraham1980@hotmail.com]
> Sent: Tuesday, April 15, 2003 11:47 AM
> To: struts-user@jakarta.apache.org
> Subject: Re: Why validate on the server side and not on the client side
> using JavaScript???? help
>
>
> One thing you can do is to setup your non validating app in a test
> environment. Prepare a program that hacks your webapp and corrupts your
> data and demonstrate it in a meeting. Or, even easier, just turn off your
> javascript and submit a form with bad data.
>
> David
>
>
>
>>From: "Trieu, Danny" <DT...@downeysavings.com>
>>Reply-To: "Struts Users Mailing List" <st...@jakarta.apache.org>
>>To: "'struts-user@jakarta.apache.org'" <st...@jakarta.apache.org>
>>Subject: Why validate on the server side and not on the client side using
>>JavaScript???? help
>>Date: Tue, 15 Apr 2003 11:14:07 -0700
>>
>>Hi all,
>>
>>Can you help point out references to materials that will convince people to
>>validate inputs on the server side.
>>
>>Thanks,
>>
>>danny
>
>
>
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
RE: client- vs. server-side validation
Posted by Robert Sartin <sa...@navanax.org>.
--- Mark Galbreath <ma...@qat.com> wrote:
> validation. No user turns off JavaScript anymore and, in fact, I
> doubt there are more than a handful of developers on this list that
> even knows HOW to turn it off in IE 6.0.
This is simply not true. I know a lot of non-developer users (primarily
people with limited vision or mobility, but also others) who routinely
disable JavaScript. I (a developer) usually run with JavaScript turned
off in IE 6.
Regards,
Rob
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
RE: client- vs. server-side validation
Posted by Mark Galbreath <ma...@qat.com>.
This is a perennial issue on this list and has evoked more than a couple of
religious wars. The best practice is to use both client- and server-side
validation. No user turns off JavaScript anymore and, in fact, I doubt there
are more than a handful of developers on this list that even knows HOW to
turn it off in IE 6.0. In short, both have there advantages and
disadvantages and are not mutually exclusive. Further, judging from the
number of questions regarding the Struts Validator (see archive),
client-side validation may be necessary; on my last gig I wrote my own
server-side validator because I couldn't get Validator to work properly.
Mark
-----Original Message-----
From: Roberto Amorim [mailto:roberto@edsonqueiroz.com.br]
Sent: Wednesday, April 16, 2003 8:17 AM
To: Struts Users Mailing List
Subject: Re: Why validate on the server side and not on the client side us
ing JavaScript???? help
IMHO you can include some validation in client side to increase
performance, some validations like not null attributes are easily
detected in client side and you wouldn't need submit a page to check
these problems. But, you should repeat that validations in server side too.
Regards Roberto
Trieu, Danny wrote:
> I guess what I need is a list of all the convincing fact to make
> suggestion to my peers to do validation on the server side and not the
> on the client side, and not even on both the server and the client
> side.
>
> Thanks,
>
> danny
>
> -----Original Message-----
> From: David Graham [mailto:dgraham1980@hotmail.com]
> Sent: Tuesday, April 15, 2003 11:47 AM
> To: struts-user@jakarta.apache.org
> Subject: Re: Why validate on the server side and not on the client side
> using JavaScript???? help
>
>
> One thing you can do is to setup your non validating app in a test
> environment. Prepare a program that hacks your webapp and corrupts your
> data and demonstrate it in a meeting. Or, even easier, just turn off your
> javascript and submit a form with bad data.
>
> David
>
>
>
>>From: "Trieu, Danny" <DT...@downeysavings.com>
>>Reply-To: "Struts Users Mailing List" <st...@jakarta.apache.org>
>>To: "'struts-user@jakarta.apache.org'"
>><st...@jakarta.apache.org>
>>Subject: Why validate on the server side and not on the client side using
>>JavaScript???? help
>>Date: Tue, 15 Apr 2003 11:14:07 -0700
>>
>>Hi all,
>>
>>Can you help point out references to materials that will convince
>>people to validate inputs on the server side.
>>
>>Thanks,
>>
>>danny
>
>
>
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org