The downside to that option is that it is theoretically possible for someone
to open the code locally, change the values according to their needs, and
pass along a correct checksum.
-----Original Message-----
From: Eric Heflin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 07, 1999 10:27 AM
To: [EMAIL PROTECTED]
Subject: Re: New to JSP
Matt:
Why not have the client-side script not only do validation, but also set a
hidden form field to a checksum (like a CRC) to indicate that the client
side validation has occurred? The server-side scripting can first determine
if the checksum was correct, and if so, it will know that the client-side
scripting executed. If the checksum is wrong, then the server-side script
will do full input validation. That way, if the client validation took
place, you don't need to waste server processing cycles by redoing a
validation that already occurred.
Eric Heflin, Director of Software Development
Complete Data Solutions
[EMAIL PROTECTED]
801.362.9669 cell
801.765.0093 x208 office
-----Original Message-----
From: Augusto Sellhorn [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 06, 1999 11:23 PM
To: [EMAIL PROTECTED]
Subject: Re: New to JSP
Matt Krevs <[EMAIL PROTECTED]> wrote:
>2. It's possible for the client to disable javascript. i.e. All javascript
>validation needs to be repeated on the server in your servlets/beans.
>
>Basically I work on the premise that any info sent to the server needs to be
>completely validated again.
A good premise. You can't trust client validation.
The only good point I see for client side validation is that it's quicker,
since you can save network ops for simple errors like fill this field,
etc. But like you say in a way, what matters is the server side val.
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
===========================================================================
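The trade-off discussed in this thread, as an added example that is not part of any poster's message: a server that skips validation when the hidden checksum matches, next to one that always validates. The form fields, the validation rules and the choice of CRC-32 are assumptions made for illustration.

```javascript
// CRC-32 (IEEE), standing in for the "checksum (like a CRC)" from the thread.
function crc32(str) {
  let crc = 0xFFFFFFFF;
  for (const byte of Buffer.from(str, 'utf8')) {
    crc ^= byte;
    for (let i = 0; i < 8; i++) crc = (crc >>> 1) ^ (0xEDB88320 & -(crc & 1));
  }
  return (crc ^ 0xFFFFFFFF) >>> 0;
}

// Hypothetical form: two fields plus the hidden checksum field.
const canonical = (f) => `${f.username}|${f.quantity}`;

// Server-side rules (hypothetical): the same checks the client script runs.
function validate(f) {
  const errors = [];
  if (!/^[A-Za-z0-9_]{3,20}$/.test(String(f.username))) errors.push('username');
  if (!/^[0-9]{1,3}$/.test(String(f.quantity)) || Number(f.quantity) < 1) errors.push('quantity');
  return errors;
}

// What the page's script does after its own validation: set the hidden field.
function clientSubmit(f) {
  return { ...f, checksum: String(crc32(canonical(f))) };
}

// Design proposed in the thread: a correct checksum skips server validation.
function handleTrustingChecksum(form) {
  if (form.checksum === String(crc32(canonical(form)))) return { accepted: true, errors: [] };
  const errors = validate(form);
  return { accepted: errors.length === 0, errors };
}

// Premise from the thread: validate everything again; the checksum proves nothing,
// because it is unkeyed and its algorithm ships in the page source.
function handleAlwaysValidate(form) {
  const errors = validate(form);
  return { accepted: errors.length === 0, errors };
}

// Constructed requests: one produced by the unmodified page, one whose value
// was changed before the checksum was computed.
const honest = clientSubmit({ username: 'matt_k', quantity: '2' });
const edited = clientSubmit({ username: 'matt_k', quantity: '-500' });

console.log(handleTrustingChecksum(edited)); // accepted despite invalid quantity
console.log(handleAlwaysValidate(edited));   // rejected: errors list 'quantity'
```
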