You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Andrew Hill <an...@gridnode.com> on 2003/04/16 05:02:06 UTC
RE: Why validate on the server side and not on the client side using JavaScript???? help
oh yes....
...please do post the URL.
I could use a little amusement ;->
<muhahahah/>
-----Original Message-----
From: Kruse, Matt [mailto:MKruse@aquent.com]
Sent: Wednesday, 16 April 2003 02:05
To: Struts Users Mailing List
Subject: RE: Why validate on the server side and not on the client side
using JavaScript???? help
> Can you help point out references to materials that will
> convince people to validate inputs on the server side.
Post a URL to your app, and we'll give you all the convincing you need :)
Just remember, HTTP requests can be _very_ easily simulated. A browser isn't
necessary.
Further, it's possible to change values of things like hidden fields, or add
options to drop-downs, all from within IE, then submit it back to your
server. If you're trusting that your hidden fields won't be altered or that
the only choice in a select-list field will be one of the options you've put
in there, you're potentially in for a world of pain!
Matt Kruse
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org