Win a copy of Java Concurrency Live Lessons this week in the Threads forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Server Side Validation for Applications  RSS feed

 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ,

When going through the Web i found that some Applications might use Server Side Validation also , could anybody please tell me where exactly or in what scenario Server Side Validation makes Sense ??

Thanks , waiting for your replies .
 
Sean Clark
Rancher
Posts: 377
Android Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey,

In my opinion you should be doing server side validation on any forms that are have data input on them. Whether you are validating a field which should have a numeric value on it or a telephone number, you may want to validate that the input is not doing some XSS.

One thing you should not be doing is performing just client-side validation as this is easily modified or even just turned off.

Sean
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sean thanks for the reply

validating a field which should have a numeric value on it or a telephone number

but these things can be done using Javascript itself.
 
Lester Burnham
Rancher
Posts: 1337
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
but these things can be done using Javascript itself.

The point of server-side validations is that they're performed on the server. Anything that's done on the client is susceptible to manipulation, and thus can't be trusted.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are not validating on the server, you are not validating at all. Client-side validation is sugar for the users and doesn't count as real validation.
 
Sai Hegde
security forum advocate
Ranch Hand
Posts: 214
1
Android Flex Google App Engine
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Business Rules should be essentially validated for on the server. Data Conversion/related validation can be handled on the client.
 
Lester Burnham
Rancher
Posts: 1337
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sai Hegde wrote:Data Conversion/related validation can be handled on the client.

No, they need to be done on the server as well; please see my and Bear's posts.
 
Sai Hegde
security forum advocate
Ranch Hand
Posts: 214
1
Android Flex Google App Engine
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ofcourse they should be done on the server as well... I was just trying to point what could be on the client as well... Did not mean they shouldn't be handled on the server side.
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you all for the points .

Now i got from Sai Hegde point , In our Application also we are validating the File Format as per the Static maintanance in (Some business Rules )Database , which can be treated as server side validation .
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!