On 6/03/2014 2:11 PM, Arthur T. wrote:
On 5 Mar 2014 10:05:58 -0800, in bit.listserv.ibm-main
(Message-ID:<CADEq6i9SMRxz4fz3XNNTq+0eMWxk0E=atqga1w-awhjcyjj...@mail.gmail.com>)
[email protected] (jan de decker) wrote:
I am building a small web application that interfaces with RACF.
On the client side I only have the IBM default supplied classes.
I want validate as much as possible on the client before sending it
to the
server.
Never do validation on the client side. Someone might decide to
write their own client, or something else silly, just to get by
restrictions. It's especially important not to trust client-side
*security* validation.
That depends on what you're validating. If it's just syntax for a class
name then validating on the client is surely better than pinging it off
to a server.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
