Rick, I agree with Dan and Zaphod's comments. I personally use both client and server side validation, at a minimum spec for my apps, even if I require that javascript be turned on.
Think of it this way- jQuery (or any client side library for that matter) can not replace the kind of data integrity enforcement you can do with CF. jQuery is great for the form UI and other tasks like data entry formatting/data masking. CF, however, is where I do the data logic and rule heavy-lifting. I prefer that it is CF that 'monitors' any data to be written on the db. Again, I do this even if I require javascript be on, at minimum. If anyone has any comments in this approach, I'm all ears. Michael > -----Original Message----- > From: Dan G. Switzer, II [mailto:[EMAIL PROTECTED] > Sent: Saturday, April 14, 2007 8:35 AM > To: CF-Talk > Subject: RE: Client-side validation or Server-side Validation? > > Rick, > > >It's probably just my ignorance about the use of JS, but why > >can't JS be coded to insure clean code? > > > >I mean, if I set up validation to only allow digits on the client-side, > >how can they insert hack code that will affect my server? > >(I really know next to nothing about hacking servers and the code that > >is used, so I really am just looking to be educated...) > > There are many very easy ways to bypass JavaScript validation. The user > can > disable it in their browser, a JS error could prevent your validation from > running, a malicious user could just post data to your form page, etc, > etc. > > The bottom line is you use JS to improve the user's experience. You use > server-side validation to ensure your business rules are enforced. > > Client-side validation is used to provide the user a better experience, > but > if you assume that client-side code will always run, you are leaving your > code up to be exploited. > > -Dan > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Deploy Web Applications Quickly across the enterprise with ColdFusion MX7 & Flex 2 Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275210 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
