I am using jQuery to disable some form buttons. Simple stuff. But how can I prevent users from editing the DOM and enabling the button themselves so they can work around the restrictions I put in place?
Asked
Active
Viewed 69 times
1
-
1You cannot! You have to use server side logic script as PHP – A. Wolff Jan 07 '13 at 16:57
-
1[This question](http://stackoverflow.com/questions/162159/javascript-client-side-vs-server-side-validation) may be of use to you. Keep in mind that the client cannot be trusted to validate its own input to your server. – Ryan Stein Jan 07 '13 at 17:00
4 Answers
10
You can't. The client is completely under the control of the user.
You can only handle what data you accept when it is submitted to the server.
Use client side code to make things convenient for users. Use server side code to enforce security and other restrictions.
Quentin
- 914,110
- 126
- 1,211
- 1,335
-
Thank you. I understand. Thus I need to validate every input in the server-side. – tvb Jan 07 '13 at 18:03
1
You can't. The DOM is entirely handled by the browser. Once you've sent off the page to the client, it's out of your hands. All you can do is keep track of whether an action is allowed on the server, and allow or disallow it when they try.
Joe C.
- 1,538
- 11
- 14
1
You can't force the user to do anything, neither can you prevent them from doing anything. If you could, spammers would have a field day.
This is why EVERYTHING MUST be validated on the server-side.
Niet the Dark Absol
- 320,036
- 81
- 464
- 592
0
You can't!!! Once the DOM is at the client side you don't have control over it the best way to ensure security is to handle it also via server side.
Dynamikus
- 2,861
- 4
- 22
- 20