Thanks for the comments, Ariel... Your proposal certainly sounds good to me. As we all wrestle more and more with the need/desire to produce JS/Ajax enhanced interfaces and functionality with the need/desire to produce increasingly secure environments some way to bridge the gap in development is certainly needed.
Rick -----Original Message----- From: Ariel Jakobovits [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 17, 2007 3:10 AM To: CF-Talk Subject: Re: Client-side validation or Server-side Validation? I think we, as a community of developers, should address the real problem here. Actually there are several, but they are all related to the basic need for a framework that will make our programming lives easier when dealing with the topic of input validation. I mean, look, how many of us were adding as much javascript to our sites as we are now before toolkits like jQuery came along? So, for example, there is this and that validation plugin, and those are general steps to provide tools or frameworks to simplify the process of adding client-side validation. But why stop there? Because we don't want to tackle the larger issue? See, I understand everyone's perspective on this issue. Some have to care about non-javascript users, some don't need to care about any particular user because its not their business. Some care, but don't have the time or the resources or the patience or the know-how. But I'm sure that if we had a "magic" solution that allowed us all to have client-side validation, both client-only and AJAX based, as well as non-javascript-degradable sites, as well as complete server-side validation because we had lightweight javascript code, plenty of server processing bandwidth and memory, and the ease of installing all this code into our applications, then we would all do it together. We only bicker because we all are balancing our capabilities with our priorities and we are each coming up with different conclusions. Truth is, with client computer processing power where it is, and network bandwidth where it is, and models like Amazon web services offering extremely cheap and efficient server processing power, there is no reason that we, as developers, can't start considering having it all. The way I see it, we should probably start assuming that we will have to have it all because that's the direction publishing on the Internet is going. I mean, let's say you aren't worried about malicious attacks, so you figure client-side validation is enough, but then one day you realize that some mashup service is posting directly to your servers. That's not bad, just unexpected. So, how about we start with saying, "We want to be able to validate client-side and server-side with none, one or many AJAX calls, minimize complexity of code installation, and have no users complaining about sites that don't work without javascript" and begin to develop a solution to do that. It's possible. I am convinced of that because of what I have seen become possible with jQuery alone. Just as code generation tools aim to ease the work of becoming object-oriented by creating bean classes for us based on database schemas, we can develop a framework to take our basic needs, expressed in minimal terms, and translate them into whatever demands or expectations we have. We could develop a language for expressing validation generally and write tools that produce validation code in javascript, php, ColdFusion, ActionScript, etc. for us and not feel that we have to choose one or the other. This would be just one element of a complete solution. If we are worried about how such code gets incorporated into a larger framework, then maybe we need to design a framework that is loosely enough coupled, as we all want our frameworks to be, to incorporate these things easily. I know this has been done before, or at least attempted. But maybe its worth another shot by us. Let's start by compounding all of our requirements for this and see if we can develop a solution however slowly. Might be a good project to be based in the commadot website. I submit my remaining time for questions, comments, and lambasting. -Ariel ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 The most significant release in over 10 years. Upgrade & see new features. http://www.adobe.com/products/coldfusion?sdid=RVJR Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275530 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
