You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Andrew Hill <an...@gridnode.com> on 2003/04/16 05:02:06 UTC

RE: Why validate on the server side and not on the client side using JavaScript???? help

oh yes....
...please do post the URL.

I could use a little amusement ;->

<muhahahah/>

-----Original Message-----
From: Kruse, Matt [mailto:MKruse@aquent.com]
Sent: Wednesday, 16 April 2003 02:05
To: Struts Users Mailing List
Subject: RE: Why validate on the server side and not on the client side
using JavaScript???? help


> Can you help point out references to materials that will
> convince people to validate inputs on the server side.

Post a URL to your app, and we'll give you all the convincing you need :)

Just remember, HTTP requests can be _very_ easily simulated. A browser isn't
necessary.

Further, it's possible to change values of things like hidden fields, or add
options to drop-downs, all from within IE, then submit it back to your
server. If you're trusting that your hidden fields won't be altered or that
the only choice in a select-list field will be one of the options you've put
in there, you're potentially in for a world of pain!

Matt Kruse


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org