Rick, >It's probably just my ignorance about the use of JS, but why >can't JS be coded to insure clean code? > >I mean, if I set up validation to only allow digits on the client-side, >how can they insert hack code that will affect my server? >(I really know next to nothing about hacking servers and the code that >is used, so I really am just looking to be educated...)
There are many very easy ways to bypass JavaScript validation. The user can disable it in their browser, a JS error could prevent your validation from running, a malicious user could just post data to your form page, etc, etc. The bottom line is you use JS to improve the user's experience. You use server-side validation to ensure your business rules are enforced. Client-side validation is used to provide the user a better experience, but if you assume that client-side code will always run, you are leaving your code up to be exploited. -Dan ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 by AdobeĀ® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275205 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
