
Should you do validation on the server side?


Browser/client-side validation is a convenience. You cannot rely on it. You absolutely need to duplicate any client-level validation with server-side validation.


Well, fine, all YOUR code is correct. What happens when a hacker replaces your javascript with one of their liking, or just plain submits POSTs and GETs as if it were your code?

Validating at the client is a usability issue.

Validating at the point of USAGE is a security issue.

That last point is important, because if you do not validate at the point of usage, you are making your code highly coupled. If you change a module, it breaks things elsewhere because you validated at the wrong point.

For instance, you validate data against SQL injection before storing in a SQL database -- the library will do that for you if you choose a good one. You validate data against CSS when you display it as HTML. But if you expose the data as XML, RSS or JSON, then the validation is different -- if you validated it just at input, you wouldn't prevent exploits for the other formats, AND your input routine would be tied to the output formats you choose.
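The point above in working code, as an added example that is not part of any answer on this page: a signup handler re-applies the browser's rules on the server, because the request body can be anything a client chooses to send, and the HTML and JSON outputs each encode at their own point of use rather than at input. The field names, limits and sample request bodies are constructed for the example.

```javascript
// Added example (not from the original answers). Server-side re-validation
// of a constructed signup form, plus per-format output encoding.

// Same rules the browser form enforces, applied again on the server.
function validateSignup(body) {
  const errors = [];
  const name = typeof body.name === 'string' ? body.name.trim() : '';
  if (name.length < 1 || name.length > 40) errors.push('name: 1-40 characters');
  const age = Number(body.age);
  if (!Number.isInteger(age) || age < 13 || age > 120) errors.push('age: integer 13-120');
  return { ok: errors.length === 0, errors, value: { name, age } };
}

// Encoding for the HTML context only; JSON has its own encoder below.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Point of usage #1: the profile is written into an HTML page.
function renderProfileHtml(profile) {
  return `<p>${escapeHtml(profile.name)} (${profile.age})</p>`;
}

// Point of usage #2: the same profile is served as JSON. No HTML escaping
// here; JSON.stringify handles the quoting this format needs.
function renderProfileJson(profile) {
  return JSON.stringify({ name: profile.name, age: profile.age });
}

// Constructed request bodies: a well-formed one, one that bypassed the
// browser checks (e.g. sent directly with a script), and one carrying markup
// that must be encoded only when it lands in HTML.
const honest = validateSignup({ name: 'Ada', age: '36' });
const tampered = validateSignup({ name: '', age: '-1' });
const markup = validateSignup({ name: '<b>Ada</b>', age: '36' });

console.log(honest.ok, tampered.ok, tampered.errors);
console.log(renderProfileHtml(markup.value));
console.log(renderProfileJson(markup.value));
```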


I always view it as

  • Client validation is for usability
  • Server validation is for security.