Can anyone explain to me the need for, and scenarios of, server-side validation in Java? Why can't we use validation at the client side using JavaScript?
Have a look at another SO question: http://stackoverflow.com/questions/162159/javascript-client-side-vs-server-side-validation – CyprUS Apr 30 '12 at 08:20
3 Answers
Because an attacker can bypass client-side validation by simply disabling JavaScript or calling your server with external tools like httpclient or curl. Finally, with tools like Firebug, one can submit virtually anything.
Also, it makes your GUI much more responsive, as you don't have to reload the page every time a user tries to submit the form (so, moreover, it reduces the network traffic and server load).

Client-side validation is good for a better user experience: if he made an error, there's no need to send an HTTP request to find that out.
For example - if the user name should be at least 3 characters long, and the user enters 2, you can immediately tell the user that there's a problem.
Server-side validation protects the server from corrupted / malicious requests that might be sent by dishonest users.
For example - if the user tries to execute a query that he shouldn't using SQL injection, you can prevent it on the server side, since he may not send the query through your web site, but from a different client.

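To illustrate the "at least 3 characters" rule from the answer above being enforced on the server, here is an added example (not code from any of the answers). The class name, the `username` field name, the 3-20 character allow-list and the sample request bodies are assumptions made for the illustration; the bodies stand for requests sent directly to the server without the JavaScript form.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.Pattern;

public class SignupValidator {
    // Assumed rule: 3-20 characters, letters, digits or underscore only.
    private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9_]{3,20}");

    /** Parses an application/x-www-form-urlencoded body as the server receives it. */
    static Map<String, String> parseForm(String body) {
        Map<String, String> fields = new HashMap<>();
        for (String pair : body.split("&")) {
            String[] kv = pair.split("=", 2);
            String value = kv.length == 2 ? kv[1] : "";
            fields.put(URLDecoder.decode(kv[0], StandardCharsets.UTF_8),
                       URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return fields;
    }

    /** Returns validation errors; an empty list means the request is accepted. */
    static List<String> validate(Map<String, String> fields) {
        List<String> errors = new ArrayList<>();
        String username = fields.get("username");
        if (username == null) {
            errors.add("username is missing");
        } else if (!USERNAME.matcher(username).matches()) {
            errors.add("username must be 3-20 letters, digits or underscores");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed request bodies: the server checks each one itself,
        // whether or not any client-side script ever saw it.
        String[] bodies = {
            "username=alice",                  // valid
            "username=ab",                     // too short
            "username=x%27+OR+%271%27%3D%271", // characters outside the allow-list
            "email=a%40example.org"            // field missing entirely
        };
        for (String body : bodies) {
            List<String> errors = validate(parseForm(body));
            System.out.println(body + " -> " + (errors.isEmpty() ? "200 accepted" : "400 " + errors));
        }
    }
}
```

Input validation like this complements, and does not replace, parameterized queries (`PreparedStatement` in JDBC) for the SQL injection case mentioned above.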
Mainly for security reasons. If somehow, someone manages to modify your client and bypass validation, you could seriously compromise your server.
