• Post Reply Bookmark Topic Watch Topic
  • New Topic

where the username and password values will be stored ?  RSS feed

 
janardhan venkatrao
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi friends,
Usually we do validate the client's data by comparing the DB values.

But while we do the client side validations where these values will be validated ?

Thanks!!
 
Tim Moores
Saloon Keeper
Posts: 3512
77
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What kind of validation is this that needs DB data?
 
Punit Jain
Ranch Hand
Posts: 1028
2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
if validation is client side, than how it will need db values???
 
Tim Moores
Saloon Keeper
Posts: 3512
77
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can't validate username/password on the client.
 
Punit Jain
Ranch Hand
Posts: 1028
2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

You can't validate username/password on the client.


ahhh ya..
thanks for correcting..
 
Rob Spoor
Sheriff
Posts: 20898
81
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But you can use AJAX to do so. I've written one site where the entire login is AJAX based. Instead of the entire page submitting, an AJAX request is made with the username and password. The AJAX response includes the XML needed to rebuild the user interface for the now logged in user.
 
janardhan venkatrao
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim Moores wrote:What kind of validation is this that needs DB data?


Let us say the username and password values from DB.
In this case if i want to do the client side validation by using java script then how those values will be compared with the DB values ?
 
janardhan venkatrao
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Punit Jain wrote:if validation is client side, than how it will need db values???

Yes. you are right. But how do we get the user name and password values to compare with client data ? while we do client side validation ?
 
Amit Ghorpade
Bartender
Posts: 2856
10
Fedora Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If the username and password are retrieved from the DB then they must be present in the page somewhere like hidden form fields.
But no matter where they are present, its a really bad idea to do the validation on client side.
Just seeing the source of the page will reveal the username and password with the validation logic, making the login process almost useless.

Hope this helps
 
Tim Moores
Saloon Keeper
Posts: 3512
77
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
janardhan venkatrao wrote:Yes. you are right. But how do we get the user name and password values to compare with client data ? while we do client side validation ?

In the same sentence you agree that you can't do client-side validation, yet ask how to do it?
 
janardhan venkatrao
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim Moores wrote:
janardhan venkatrao wrote:Yes. you are right. But how do we get the user name and password values to compare with client data ? while we do client side validation ?

In the same sentence you agree that you can't do client-side validation, yet ask how to do it?

I didn't mean that.
And do you suggesting that we can't do client side validations at all.

Coming to the point : Let's say that i need to check the username : xyz and password : 1234 with java script by client side validation.
then how to do it.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
janardhan venkatrao wrote:And do you suggesting that we can't do client side validations at all.

No one said that. What was said is that authentication validation can't be done on the client side.

(But while non-authentication validations can occur on the client, they must be repeated on the server. You can't trust the client.)

Coming to the point : Let's say that i need to check the username : xyz and password : 1234 with java script by client side validation.

then how to do it.

For the last time: you don't! What would be the point of having a username and password if they were available on the client? Anyone could look at the source of the page and see the expected password.

Bottom line: authentication must occur on the server.
 
janardhan venkatrao
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:
janardhan venkatrao wrote:And do you suggesting that we can't do client side validations at all.

No one said that. What was said is that authentication validation can't be done on the client side.

(But while non-authentication validations can occur on the client, they must be repeated on the server. You can't trust the client.)

Coming to the point : Let's say that i need to check the username : xyz and password : 1234 with java script by client side validation.

then how to do it.

For the last time: you don't! What would be the point of having a username and password if they were available on the client? Anyone could look at the source of the page and see the expected password.

Bottom line: authentication must occur on the server.


Thanks Brother! I really got what i need!
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!