Re: 3 layers of validation?

Thu, 23 Sep 2010 06:32:01 -0700 

IMO...

- You *always* need server side validation, because as mentioned,
client validation may not always run, and also so you can make an API
available beyond browser front ends.

- If that's true, I prefer to stay DRY and write validation in only
one place, so that means on the server not the client. To work with
that, you probably want to establish infrastructure and conventions to
communicate server-side bus rule failures back to the client for
presentation to the user. For example, our ajax layer includes the
ability to specify mappings of back-end method arguments to a
"friendly name" you can say to the user ("Last name is required", not
last_name), and a list of DOM IDs that should get highlighted in the
UI if the data for that argument is invalid.

Dave

On Thu, Sep 23, 2010 at 8:34 AM, Rick Root <[email protected]> wrote:
>
> Database validation probably comes into play in a couple ways.
>
> #1 - datatypes and constraints (including things like foreign keys)
> provide some level of database validation.
> #2 - if you're using stored procedures to perform actions, stored
> procedures can sometimes have business logic validation in them as
> well.
>
> Of course we all use database validation like #1.  Although I've
> written a few stored procedures, I've neve really put any validation
> in them.
>
> Server validation protects you against a number of things that client
> validation absolutely cannot do.
>
>  - bugs in client side validation
>  - hackers/spambots who aren't using the web client that you built and
> try to post things directly to your server side scripts, cfcs, etc.
>
> Rick
>
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337368
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Reply via email to