Snake, If you are looking for, "you are right." You are right. I was just providing alternatives.
Cheers, Teddy On 10/16/06, Snake <[EMAIL PROTECTED]> wrote: > > The AJAX path would not fail twice. On the server side validation you > would > be calling the CFC directly not making an ajax call. > > Russ > > -----Original Message----- > From: Teddy Payne [mailto:[EMAIL PROTECTED] > Sent: 16 October 2006 13:52 > To: CF-Talk > Subject: Re: Form Validation Custom Tag > > Snake, > I did not miss your point. > > I was simply pointing out that when the AJAX path fails, you execute the > same code when the action page is executed. This would create double > redundancy. > > A good number of my clients have redundant validation. The security firms > that have evaluated these clients suggest double validation. The > financial > services that I have interacted perform double redundancy. You see the > trend. > > I just can't ignore double redundant validation even if it offers > increased > traffic. The clients demand it and security companies don't seem to > discourage them from doing so. In addition, the execution time for a > couple > of extra conditional checks is neglible. > > I am not saying your process is incorrect. I am sure it works well and > has > good execution. > > I am just proposing to the alternate aspect that double validation is not > a > bad practice for those who want to create a greater level of security. > > Teddy > > On 10/16/06, Snake <[EMAIL PROTECTED]> wrote: > > > > Teddy, I think you missed the point. > > The purpose of the CFC is to be used for both client and server > > validation (as a CFC runs on the server), AJAX is simply a method of > > calling that server side validation and using it client side. > > So therefore you do not need to create a second server layer of > > validation, as it is already there by default if the client validation > > fails. > > Therefore you would not need to check if Javascript is diabled, as the > > server side check will still execute, but if you do not want to allow > > access to your Site when javascript is disabled, there is nothing in > > AJAX to stop you doing this, it is just Javascript after all. > > > > Russ > > > > -----Original Message----- > > From: Teddy Payne [mailto:[EMAIL PROTECTED] > > Sent: 16 October 2006 13:15 > > To: CF-Talk > > Subject: Re: Form Validation Custom Tag > > > > I am not sure advocating the reduction to one level is all accepted. > > AJAX validation is great when JS is on and it works for the client > > browser. In the advent that those two conditions do not exist, > > additional steps need to be taken. Either you programmatically deny > > permission to execute the page because they do not have JS on or their > > browser is not in the correct target market or you create a catch all > > second server layer of validation. Server validation is more traffic > > and an extra step for the developer. > > > > What is an extra step when your first deviant user gets through your > > first line of validation? I see that a lot of developers can write > > server side validation quicker than they can with JS. The fact of the > > matter is that CF does make it easy and quick to check a great deal of > > data types and string patterns. > > > > Reducing the amount of validation is not a "pro" for using AJAX. It > > is a consideration that has consequence. If you want to create a > > unified validation process, have the same component used for the > > remote call from AJAX be the same component that your action page > > would user. This would introduce homogenous validation and a good > example > of code resuse. > > > > Teddy > > > > On 10/16/06, Snake <[EMAIL PROTECTED]> wrote: > > > > > > Claude, > > > > > > If the client has Javascript Disabled then you cannot do any > > > clientside validation at all, so it makes no difference. > > > As an AJAX call only sends/returns a very small amount of data, it > > > is very quick, and is still quicker than server side only validation > > > if the client has Javascript enabled. > > > It means you do not have to write two separate validation routines, > > > and if you are using AJAX in your site anyway, it will save code and > > > loading time as well. > > > > > > Russ > > > > > > -----Original Message----- > > > From: Claude Schneegans [mailto:[EMAIL PROTECTED] > > > Sent: 15 October 2006 22:47 > > > To: CF-Talk > > > Subject: Re: Form Validation Custom Tag > > > > > > >>You could create a CFC that does all your validation, and use the > > > >>same > > > CFC for client side validation (via AJAX) and server side. > > > > > > Ajax or not, the idea is that I consider particularly awkward and > > > cumbersome to interrogate the server just to confirm that a string > > > is indeed an integer value, or a valid date in the calendar. This > > > should definitely be done in Javascript in the client's browser. > > > What if the client has Javascript deactivated? > > > Then you have no Ajax either... > > > > > > -- > > > _______________________________________ > > > REUSE CODE! Use custom tags; > > > See http://www.contentbox.com/claude/customtags/tagstore.cfm > > > (Please send any spam to this address: [EMAIL PROTECTED]) > > Thanks. > > > > > > > > > > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:256889 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
