Thanks for the feedback, Paul... Ok... so let's say I build server- and client-side validation for forms.
What about the front-end niceties, say, for example, a calendar of events that has a link that when clicked causes a panel of details to slide into view on the page. I guess to compensate for lack of JS, I'd have to create a link to a details page or something. For every JS function, a non-JS backup function to compensate? Rick -----Original Message----- From: Paul Vernon [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 17, 2007 8:17 AM To: CF-Talk Subject: RE: Client-side validation or Server-side Validation? > So.. what does everyone on this list do? Use JS and AJAX? > Not use JS and AJAX? Constantly build JS-enabled/JS-disabled > redundant apps and sites? Use JS and AJAX only where it > failure doesn't matter? I start from a good solid server-side validation viewpoint. Make sure it works and is stable. Then, if there is a user interface issue that can be made easier if JS is available I will implement it. That way, if it isn't there, it falls back to the default HTML behaviour and isn't so slick but it *works* and is as secure as it always was because I validate on the server side too... These days, it's all to easy for me (or anyone else) to "disable Javascript" in Firefox. With IE, the settings are slightly more buried but it's still not rocket science... The thing is if someone were to try to hack your sites, downloading and analysing the JS is too much trouble when you can just turn it off and effectively bypass it... Also, think about those hackers that don't use your forms to submit to your site... Instead, they craft a form themselves for their illicit purpose. They have no JS, just a form submission tool that can craft malicious content. If someone were to submit malicious content to your form handlers what would the handlers do? In terms of implementation of validation, server-side first and last and always, client-side second and optional. NB.. If you spot a reference to a song in here... It's completely intentional! Paul ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275554 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
