As I stated when I responded to Robert... I'm leaning towards using a combination of JS on the interface and CF for data validation. That'll take care of security.
Rick -----Original Message----- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Monday, April 16, 2007 1:17 PM To: CF-Talk Subject: RE: Client-side validation or Server-side Validation? That's all well and good, but it still doesn't prevent a black hat from posting directly to your web server (They wouldn't even need to use a browser) in an attempt to pass data that would have not been permissible from the form. I see JavaScript as flimsy when it comes to security issues because I can't control it. There are too many tools which even let users modify the contents of hidden fields on a page. Even thought it is extra work, I still back up my client-side validation with server side validation. Besides, sometimes I have the need to do more than simple data-type validation like "That order number is not found in our database". How would you do that in JavaScript without going to the server anyway? ~Brad -----Original Message----- From: Rick Faircloth [mailto:[EMAIL PROTECTED] Sent: Monday, April 16, 2007 11:58 AM To: CF-Talk Subject: RE: Client-side validation or Server-side Validation? I'm all for forcing users of sites I develop to use Javascript. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create Web Applications With ColdFusion MX7 & Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275414 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
