Good points, Dan...

Do you use JS (jQuery, in particular) to perform client-side
validation and CF for server-side?

Rick


-----Original Message-----
From: Dan G. Switzer, II [mailto:[EMAIL PROTECTED] 
Sent: Saturday, April 14, 2007 11:35 AM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?

Rick,

>It's probably just my ignorance about the use of JS, but why
>can't JS be coded to insure clean code?
>
>I mean, if I set up validation to only allow digits on the client-side,
>how can they insert hack code that will affect my server?
>(I really know next to nothing about hacking servers and the code that
>is used, so I really am just looking to be educated...)

There are many very easy ways to bypass JavaScript validation. The user can
disable it in their browser, a JS error could prevent your validation from
running, a malicious user could just post data to your form page, etc, etc.

The bottom line is you use JS to improve the user's experience. You use
server-side validation to ensure your business rules are enforced. 

Client-side validation is used to provide the user a better experience, but
if you assume that client-side code will always run, you are leaving your
code up to be exploited.

-Dan
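
A server-side version of the "digits only" rule discussed above, as an added example that is not part of the original messages. It is written in JavaScript so it can be run as-is; on this thread's stack the same checks would sit in the ColdFusion page that receives the form. The field name `quantity`, the 1-6 digit limit and the minimum of 1 are assumptions.

```javascript
// Server-side validation of a posted form body. Nothing here depends on the
// browser having run any script: the raw request body is the only input.
const DIGITS_ONLY = /^[0-9]{1,6}$/; // ASCII digits, bounded length (assumed limit)

function validateQuantity(rawBody) {
  // rawBody: the application/x-www-form-urlencoded body exactly as received.
  const params = new URLSearchParams(rawBody);
  const values = params.getAll('quantity'); // hypothetical field name

  if (values.length === 0) {
    return { ok: false, error: 'quantity is required' };
  }
  // A browser form sends the field once; a repeated key means the request
  // was not produced by the form as written.
  if (values.length > 1) {
    return { ok: false, error: 'quantity sent more than once' };
  }
  // In JavaScript "$" without the m flag matches only at the very end of the
  // string, so a trailing newline is rejected as well.
  if (!DIGITS_ONLY.test(values[0])) {
    return { ok: false, error: 'quantity must be 1-6 digits' };
  }
  const quantity = Number(values[0]);
  if (quantity < 1) { // assumed business rule
    return { ok: false, error: 'quantity must be at least 1' };
  }
  return { ok: true, quantity };
}

// Constructed request bodies: the first is what the form sends when the
// client-side check ran; the rest are what arrives when it did not.
const samples = [
  'quantity=12',                  // normal submission
  'quantity=12abc',               // script disabled or failed with an error
  'quantity=1%0A',                // digit followed by a newline
  'quantity=%EF%BC%91%EF%BC%92',  // full-width digits, not ASCII 0-9
  'quantity=1&quantity=999999',   // field repeated
  'name=rick',                    // field missing
];

function runSamples() {
  return samples.map((body) => ({ body, result: validateQuantity(body) }));
}

for (const { body, result } of runSamples()) {
  console.log(body, '->', JSON.stringify(result));
}
```

Only the first sample is accepted; the client-side check can still run the same pattern to give the user immediate feedback.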





Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275206