Win a copy of OCP Oracle Certified Professional Java SE 11 Programmer I Study Guide: Exam 1Z0-815 this week in the Programmer Certification forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
  • Knute Snortum
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Ron McLeod
  • Carey Brown
  • Paweł Baczyński
  • Piet Souris
  • Vijitha Kumara

Validation on the server side vs client

Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would like to know your opinion about this subject, because a lot of people I know says the validation always must to be in the client side even when you are using struts.
Maybe is better this way so you don't have to use the network to validate that the user are filling, for example, the email field wrong.
thanks for your comments
[ January 09, 2004: Message edited by: Giuseppe Albatrino ]
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think:
both will be used when in any proper time.
if the validation can be done in the client side and there is no critical data you don't want user to see, like form field format validation
... you can use client validation,but when the validation refer to some important data ,you should do validation in the server side.
This is my personal opinion!@
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello !
Here are some thoughts...
1) If you validate the form field entries on the client side using Javascript in the browser, then you can be assured that you can simply do an INSERT/UPDATE to your database without any further work, because you can trust the data being posted...
2) Or can you? What if the user did a "view source" on the web page in their browser, and saved it to their local hard drive. Then they removed all your client side validation and tried to post/upload some nefarious "data" (aka trying to hack your site)?
3) If you are concerned about (#2), then that would mean you should ** never ** rely on client-side data validation. This means that you never have to waste your time trying to write tons of client-side Javascript, and you can ** always ** rely on ** reliable ** server-side validation.
4) Now, the only drawback is that you have to continue to have a "conversation" with the client until the user "gets the data right". This is simply am inconvenience/time waste to the user (but they should have typed the correct data in the first place, according to the directions, right?).
5) The other thing to consider is: is your app an INTRANET/CORPORATE website/app, so that you can tend to trust your users to not "hack you" (lean towards client-side Javascript), or is it a GLOBAL/INTERNET site... where you would be wise to not trust anyody (lean toward using server-side validation)?
Those were some initial thoughts...
HTH !!
[ January 11, 2004: Message edited by: Carleton Harrison ]
Don't destroy the earth! That's where I keep all my stuff! Including this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!