When server side validation is required?

Question

I am submitting a form using jquery like if a user clicks on the submit image it will submit the form. So in this case if the user will disable java script on the browser ,user can not submit the form.

So do I need server side validation for this form ? Because what i know is server side validation helpful when some one disable javascript on the browser , But as in my case the user can not submit the form after disabling the javascript, so why do i need server side validation.

If I am wrong, In which cases do i need server side validation?

Answer 1

Because your client side validation may be subverted.

For example - on the web, if you are using javascript for validation, it is very easy to either turn javascript off, or change how it works using tools such as FireBug.

Event with other client/server methods, it is possible for the data link to be subverted and the "validated" data can be changed on the way to the server (Man In The Middle attack).

In general, the maxim "never trust the client" is the reason that you need to always validate on the server.

You may ask in that case, why validate on the client? In order to provide immediate feedback.

Why do we need server side as well as client side validation for Web applications?

checkout this

Answer 2

Irrespective of your client side validations, we have to implement server side validations to maintain security else anyone can hack your URL and send data through URL. So having server side validations is very good practice

Answer 3

i have simple answer.. if user disabled client side script then dont show form/ content..so user will forcefully enabled script @ client end..

<html>
<body>
<noscript>
  Activate script for better result.. 
  <style>div { display:none; }</style>
</noscript>
<div>
u r form code goes here
</div>
</body>
</html>