The AJAX path would not fail twice. On the server side validation you would be calling the CFC directly not making an ajax call.
Russ -----Original Message----- From: Teddy Payne [mailto:[EMAIL PROTECTED] Sent: 16 October 2006 13:52 To: CF-Talk Subject: Re: Form Validation Custom Tag Snake, I did not miss your point. I was simply pointing out that when the AJAX path fails, you execute the same code when the action page is executed. This would create double redundancy. A good number of my clients have redundant validation. The security firms that have evaluated these clients suggest double validation. The financial services that I have interacted perform double redundancy. You see the trend. I just can't ignore double redundant validation even if it offers increased traffic. The clients demand it and security companies don't seem to discourage them from doing so. In addition, the execution time for a couple of extra conditional checks is neglible. I am not saying your process is incorrect. I am sure it works well and has good execution. I am just proposing to the alternate aspect that double validation is not a bad practice for those who want to create a greater level of security. Teddy On 10/16/06, Snake <[EMAIL PROTECTED]> wrote: > > Teddy, I think you missed the point. > The purpose of the CFC is to be used for both client and server > validation (as a CFC runs on the server), AJAX is simply a method of > calling that server side validation and using it client side. > So therefore you do not need to create a second server layer of > validation, as it is already there by default if the client validation > fails. > Therefore you would not need to check if Javascript is diabled, as the > server side check will still execute, but if you do not want to allow > access to your Site when javascript is disabled, there is nothing in > AJAX to stop you doing this, it is just Javascript after all. > > Russ > > -----Original Message----- > From: Teddy Payne [mailto:[EMAIL PROTECTED] > Sent: 16 October 2006 13:15 > To: CF-Talk > Subject: Re: Form Validation Custom Tag > > I am not sure advocating the reduction to one level is all accepted. > AJAX validation is great when JS is on and it works for the client > browser. In the advent that those two conditions do not exist, > additional steps need to be taken. Either you programmatically deny > permission to execute the page because they do not have JS on or their > browser is not in the correct target market or you create a catch all > second server layer of validation. Server validation is more traffic > and an extra step for the developer. > > What is an extra step when your first deviant user gets through your > first line of validation? I see that a lot of developers can write > server side validation quicker than they can with JS. The fact of the > matter is that CF does make it easy and quick to check a great deal of > data types and string patterns. > > Reducing the amount of validation is not a "pro" for using AJAX. It > is a consideration that has consequence. If you want to create a > unified validation process, have the same component used for the > remote call from AJAX be the same component that your action page > would user. This would introduce homogenous validation and a good example of code resuse. > > Teddy > > On 10/16/06, Snake <[EMAIL PROTECTED]> wrote: > > > > Claude, > > > > If the client has Javascript Disabled then you cannot do any > > clientside validation at all, so it makes no difference. > > As an AJAX call only sends/returns a very small amount of data, it > > is very quick, and is still quicker than server side only validation > > if the client has Javascript enabled. > > It means you do not have to write two separate validation routines, > > and if you are using AJAX in your site anyway, it will save code and > > loading time as well. > > > > Russ > > > > -----Original Message----- > > From: Claude Schneegans [mailto:[EMAIL PROTECTED] > > Sent: 15 October 2006 22:47 > > To: CF-Talk > > Subject: Re: Form Validation Custom Tag > > > > >>You could create a CFC that does all your validation, and use the > > >>same > > CFC for client side validation (via AJAX) and server side. > > > > Ajax or not, the idea is that I consider particularly awkward and > > cumbersome to interrogate the server just to confirm that a string > > is indeed an integer value, or a valid date in the calendar. This > > should definitely be done in Javascript in the client's browser. > > What if the client has Javascript deactivated? > > Then you have no Ajax either... > > > > -- > > _______________________________________ > > REUSE CODE! Use custom tags; > > See http://www.contentbox.com/claude/customtags/tagstore.cfm > > (Please send any spam to this address: [EMAIL PROTECTED]) > Thanks. > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:256879 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
