In a recent note, Steve Comstock said: > Date: Fri, 17 Jun 2005 09:01:09 -0600 > > Shmuel (Seymour J.) Metz wrote: > > > > Warn about data validation. Tell them not to validate user input, > > e.g., addresses, names, unless they *FULLY* understand[2] the syntax. > > Tell them that if they have restrictions on the formats[3] of, e.g., > > SSN, Telephone number, ZIP code, then they should spell them out. > > And that if integrity depends on validity, they must validate at the server, not just in a Javascript at the client. A rogue client can readily forge a validation.
-- gil -- StorageTek INFORMATION made POWERFUL ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
