Matt:
Why not have the client-side script not only do validation, but also set a hidden form field to a checksum (like a CRC) to indicate that the client side validation has occurred? The server-side scripting can first determine if the checksum was correct, and if so, it will know that the client-side scripting executed. If the checksum is wrong, then the server-side script will do full input validation. That way, if the client validation took place, you don't need to waste server processing cycles by redoing a validation that already occurred.
Eric Heflin, Director of Software Development
Complete Data Solutions
[EMAIL PROTECTED]
801.362.9669 cell
801.765.0093 x208 office
-----Original Message-----
From: Augusto Sellhorn [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 06, 1999 11:23 PM
To: [EMAIL PROTECTED]
Subject: Re: New to JSP
Matt Krevs <[EMAIL PROTECTED]> wrote:
>2. Its possible for the client to disable javascript. ie All javascript
>validation needs to be repeated on the server in your servlets/beans.
>
>Basically I work on the premise that any info sent to the server needs to be
>completely validated again.
A good premise. You can't trust client validation.
The only good point I see for client side validation is that it's quicker,
since you can save network ops for simple errors like fill this field,
etc. But like you say in a way, what matters is the server side val.
----------
Message To Spammers -- Game Over! Get spam-free email at http://www.MsgTo.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
