Thanks for the tip, JJ!

Rick

-----Original Message-----
From: JJ Cool [mailto:[EMAIL PROTECTED] 
Sent: Saturday, April 14, 2007 8:01 PM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?

>Ok....
>
>So I've been getting into jQuery a lot lately.  And being able to
>do some of the user enhancements has been great.
>
>I've also begun, as one of those user enhancements, to use
>client-side validation.  Not for logins, but for mortgage calculators,
>property search request forms, etc.  Not critical, but important.
>
>But now that I've started down the client-side validation road, I hear
>from passersby, "No!  You should always validate server-side or both!"
>
>(I did experiment with jQuery to use Ajax to validate server-side with CF,
>but couldn't quite pull it off, so for a mortgage calculator, I went totally
>client-side just to get the project moving again...)
>
>But, apart from the "some users don't have JavaScript turned on" argument,
>why can't JS code be written that can validate as well as CF?  (I know I
>can't write the JS code right now, but that's beside the point...)
>
>Thoughts?
>
>Rick


Rick,
Never, never, ever trust data coming from the client side. It is very easy to 
bypass client-side validation with a hacker tool like WebScarab. Always 
validate client-supplied data on the server side.

A good resource for web app security is www.owasp.org, which would do a better job 
of explaining security than I. Also, http://www.foundstone.com/ has an 
educational tool called Hacme Shipping, written in ColdFusion, that teaches 
secure programming.

CoolJJ
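
As an added illustration of the advice above (not part of the original thread, and not code from either poster): a server-side check for a mortgage calculator form that re-validates every field no matter what the browser's script did. It is written in JavaScript for Node so it can be compared with jQuery-side rules; the field names, the limits and the assumption that fields arrive as form-encoded strings are hypothetical.

```javascript
// Server-side checks for a mortgage calculator form (added example).
// Assumptions: field names, limits, and that fields arrive as strings.
const LIMITS = {
  principal: { min: 1000, max: 10000000 },       // loan amount
  annualRate: { min: 0, max: 25 },               // percent per year
  termYears: { min: 1, max: 40, integer: true }, // whole years only
};

// Plain decimal only: rejects "", "-5", "1e9", "0x10", " 5 ", "NaN".
const DECIMAL = /^\d{1,9}(\.\d{1,4})?$/;

function validateMortgageInput(body) {
  const errors = {}, clean = {};
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, errors: { _form: "malformed request" } };
  }
  for (const key of Object.keys(body)) { // refuse fields the form never had
    if (!Object.prototype.hasOwnProperty.call(LIMITS, key)) errors[key] = "unexpected field";
  }
  for (const [name, rule] of Object.entries(LIMITS)) {
    const raw = body[name];
    if (typeof raw !== "string" || !DECIMAL.test(raw)) {
      errors[name] = "must be a plain decimal number";
      continue;
    }
    const value = Number(raw);
    if (rule.integer && !Number.isInteger(value)) errors[name] = "must be a whole number";
    else if (value < rule.min || value > rule.max) errors[name] = `must be ${rule.min}..${rule.max}`;
    else clean[name] = value;
  }
  return Object.keys(errors).length ? { ok: false, errors } : { ok: true, value: clean };
}

function monthlyPayment({ principal, annualRate, termYears }) {
  const n = termYears * 12;       // number of monthly payments
  const r = annualRate / 100 / 12; // monthly interest rate
  return r === 0 ? principal / n : (principal * r) / (1 - Math.pow(1 + r, -n));
}

function handleRequest(body) {
  const result = validateMortgageInput(body);
  if (!result.ok) return { status: 400, errors: result.errors };
  const payment = Math.round(monthlyPayment(result.value) * 100) / 100;
  return { status: 200, payment };
}

// Constructed requests: one a browser form would send, one sent without it.
console.log(handleRequest({ principal: "200000", annualRate: "6", termYears: "30" }));
console.log(handleRequest({ principal: "-5", annualRate: "1e9", termYears: "30.5" }));
```

The same rules can also run in the browser for faster feedback, but only the server-side result decides whether the request is accepted.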



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275226