Server validation is allways a good thing no matter which scenario. Dont trust what s coming from the client.
Best, Alain 2011/4/8 Stephan T <[email protected]> > The scenario: > I have a form where you can create a new person by entering name in a > textbox and click a button. When the user clicks the button I grab the > value from the textbox and sets it on the Person object. The Person > object validates the value and makes sure the name on the object only > contains a-z. If not execution stops and an error is presented to the > user. If all is good I send the Person object via an RPC call to the > server. > > The question: > When continuing execution on the server, can I be sure that the name > only contains a-z or do I have to do server validation as well for > protection from attackers? > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > > -- GWT API for the Flash Platform http://code.google.com/p/gwt4air/ http://www.gwt4air.appspot.com/ -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
