thanks for the replies. just so i understand: lets say the client (extjs) passes over a string to be stored in the database. Extjs has checked that it is a string and a length of 50, and that it doesnt have any speech marks. the server then tries to insert it into the database which has a cfqueryparam that checks it is a string and a max length of 50. do you think this is enough validation, or would you do any further checks? do you think the server should also check there are no speech marks in the text as well?
thanks > Hi, > > when at university i read that it is always best to have 3 layers of > validation (client,server,database) which i have been doing in my > applications. > > I have now built a few web applications using extjs, which i think has > excellent validation features. > > I am developing a new web application and starting to wonder why all > the additional work is needed to put all the same validation into the > server and the database when extjs does so well. > > i understand there must be a lot of security on the server and > database, and any variables accepted by the server can have the type > attribute set, but is it really necessary to replicate validation on > all 3 layers? > > i have never had the validation on the server or database fire purely > because extjs is so good! > > would appreciate others thoughts on this > > thanks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337362 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
