Hi, Michael...

Your perspective agrees with everything I've been reading.

I was working on using jQuery to display error messages and using Ajax to send the form data over to a CF page for validation, but I couldn't get everything to work correctly. I was very close, but I'm new to JS in general and jQuery in particular and just couldn't figure out why the scheme wouldn't work.

Do you use Ajax to pass data from the form to CF for validation, then return the results to the form page?

Rick

-----Original Message-----
From: Michael E. Carluen [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 14, 2007 3:00 PM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?

Rick,

I agree with Dan and Zaphod's comments. I personally use both client and server side validation, at a minimum spec for my apps, even if I require that javascript be turned on.

Think of it this way - jQuery (or any client side library for that matter) cannot replace the kind of data integrity enforcement you can do with CF. jQuery is great for the form UI and other tasks like data entry formatting/data masking. CF, however, is where I do the data logic and rule heavy-lifting. I prefer that it is CF that 'monitors' any data to be written on the db. Again, I do this even if I require javascript be on, at minimum.

If anyone has any comments in this approach, I'm all ears.

Michael

> -----Original Message-----
> From: Dan G. Switzer, II [mailto:[EMAIL PROTECTED]
> Sent: Saturday, April 14, 2007 8:35 AM
> To: CF-Talk
> Subject: RE: Client-side validation or Server-side Validation?
>
> Rick,
>
> >It's probably just my ignorance about the use of JS, but why
> >can't JS be coded to insure clean code?
> >
> >I mean, if I set up validation to only allow digits on the client-side,
> >how can they insert hack code that will affect my server?
> >(I really know next to nothing about hacking servers and the code that
> >is used, so I really am just looking to be educated...)
>
> There are many very easy ways to bypass JavaScript validation. The user can
> disable it in their browser, a JS error could prevent your validation from
> running, a malicious user could just post data to your form page, etc, etc.
>
> The bottom line is you use JS to improve the user's experience. You use
> server-side validation to ensure your business rules are enforced.
>
> Client-side validation is used to provide the user a better experience, but
> if you assume that client-side code will always run, you are leaving your
> code up to be exploited.
>
> -Dan

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275211
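
The point made in the thread above, as an added example that is not part of the original messages: a server-side validator that re-checks every field of a posted form body and returns per-field errors an Ajax caller could display next to the form. It is written in JavaScript rather than CF so that it runs stand-alone; the field names (zip, qty, email), the rules and the request bodies are assumptions constructed for the illustration.

```javascript
// Added example. Field names and rules are hypothetical; the request bodies
// used with it are constructed.
const RULES = new Map([
  ["zip",   { required: true,  pattern: /^\d{5}$/,   message: "ZIP must be exactly 5 digits" }],
  ["qty",   { required: true,  pattern: /^\d{1,3}$/, message: "Quantity must be 1 to 3 digits" }],
  ["email", { required: false, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/, message: "E-mail address is not valid" }],
]);

// Parse an application/x-www-form-urlencoded body as the server receives it.
// A Map keeps client-chosen names such as "__proto__" away from object prototypes.
function parseForm(body) {
  const fields = new Map();
  for (const [name, value] of new URLSearchParams(body)) {
    if (!fields.has(name)) fields.set(name, []);
    fields.get(name).push(value);
  }
  return fields;
}

// Re-check every rule on the server, whatever the browser did or did not run.
// Returns the structure an Ajax caller could render next to the form.
function validateForm(body) {
  const fields = parseForm(body);
  const errors = Object.create(null);
  const clean = {};
  for (const name of fields.keys()) {
    if (!RULES.has(name)) errors[name] = "Unexpected field";
  }
  for (const [name, rule] of RULES) {
    const values = fields.get(name) || [];
    if (values.length > 1) { errors[name] = "Field sent more than once"; continue; }
    const value = (values[0] || "").trim();
    if (value === "") {
      if (rule.required) errors[name] = "Field is required";
      continue;
    }
    if (!rule.pattern.test(value)) { errors[name] = rule.message; continue; }
    clean[name] = value;
  }
  const ok = Object.keys(errors).length === 0;
  return { ok, errors, clean: ok ? clean : {} };
}

// Constructed bodies: one a browser with working JS would send, one posted directly.
console.log(JSON.stringify(validateForm("zip=30301&qty=2&email=rick%40example.com")));
console.log(JSON.stringify(validateForm("zip=12a45&qty=")));
```

Only the clean object, which is empty unless every rule passed, would be handed on to the code that writes to the database.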

