Hi I'm just new and I encounter problems like, should I validate null lists in javascript or should I do it in the server. I looked around the Web and I just got worse. Are there any standards followed when it comes to validations that can be done through the client and server side?
Asked
Active
Viewed 45 times
3 Answers
2
First of all: Never trust the client! See e.g. Why is client-side validation not enough? and read about defensive programing.
You can't know what the user have done to the client-code, so sensitive things (logins/passwords/etc) should never be validated on the client side. Non-important things can be validated on the client-side, but you might want to have some validation on the server-side as well.
Community
- 1
- 1
Some programmer dude
- 400,186
- 35
- 402
- 621
-
Hey thanks for that, additional knowledge for me ! – ElementaryStudentProgramming May 07 '14 at 09:07
1
You should validate often client side to keep load off of the server. But Validating on server side is a must! Users can get around client side validation by simply opening the inspector, inputting data and submitting forms, so protecting against stuff like that is very important. I always do both as often as possible
tylerlindell
- 1,545
- 2
- 17
- 20
-
I understand, thanks! you guys gave similar answers and I forgot security. Thanks!! – ElementaryStudentProgramming May 07 '14 at 06:56
1
The short answer is: Do the server side validation. (Period)
In fact, you have to do server side validations. You can not trust in client side validation, since the code runs on the clients computer and the user can modify your javascript code via developer tools found in all browsers.
Pred
- 8,789
- 3
- 26
- 46
-
Thank you!! same answer as above , and yes i guess it is a must! thank you! – ElementaryStudentProgramming May 07 '14 at 06:57
-
Even if a user modifies js code they cannot make it work, but modifying CSS and html would be functional if one of those two things were changed. – tylerlindell May 07 '14 at 06:58
-
@tlindell: are you sure, that the modified JS code would not work? You can modify the js code vie console and it will work. You can also attach and detach event handlers. Also there are client tools such as greasemonkey which allows to create custom JS code to specific websites. – Pred May 07 '14 at 07:10
-
I have tried to do this in the console and it has not worked for me:-P I will check out grease monkey though, thank you! – tylerlindell May 07 '14 at 13:13
-
You can redefine any functions: copy the original code -> modify it in a text editor -> copy back the modified definition into the console -> run it. If it is an event handler, you can detach it, the attach a new one. – Pred May 07 '14 at 13:19