Ross,

        If I am going to do validation on the frontend and do the same on
the backend/middle tier as well, then I'm wondering whether I should use
JavaScript at all to do client-side validation. In any case, if I'm going to
do server-side validation then I might as well do the validation only on the
server side to avoid any overhead on the client side.

        So do all these websites which do client-side validation also do
the same on the server side?

Thanks for your time
Sanjay
-----Original Message-----
From: Ross Dyson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 21, 1999 11:15 AM
To: Radhakrishnan, Sanjay (c); [EMAIL PROTECTED]
Subject: RE: offtopic:JavaScript & Security


This is a favourite way to hack web sites, when they rely only on JavaScript
to secure them. The user only has to turn off JavaScript in their browser
to avoid any checking.

You must validate front and back!! JavaScript gives instant feedback only.

-----Original Message-----
From: A mailing list about Java Server Pages specification and reference
[mailto:[EMAIL PROTECTED]]On Behalf Of Radhakrishnan, Sanjay (c)
Sent: Tuesday, December 21, 1999 16:14
To: [EMAIL PROTECTED]
Subject: offtopic:JavaScript & Security


We are planning to develop a system for delivering reports over the web.
HTML and JavaScript would be used in doing the frontend interface.

My question to the group is this: how secure is JavaScript? I understand that
one of the most common uses of JavaScript is doing client-side validation.
But the problem (it may not be) that I see with JavaScript is that an
intelligent user can do a view source on the browser, change the JavaScript,
and hence could change the validation rule and could enter incorrect data
into the system.

Is this a possibility, or am I missing something here?

Thanks for your time

Sanjay
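
The "validate front and back" rule from the thread above, as an added example that is not part of the original messages: one rule table can drive instant feedback in the browser, while the server re-runs it on every request and treats the result as the only authority. The field names (`reportId`, `format`, `fromDate`), the 64-character limit and the sample requests are assumptions constructed for illustration.

```javascript
// Added example; field names, limits and sample requests are assumptions.
// The browser may run the same rules for instant feedback, but that copy can
// be edited or switched off, so the server must re-check every request.
const RULES = {
  reportId: { pattern: /^[0-9]{1,9}$/ },
  format:   { oneOf: ["html", "csv"] },
  fromDate: { pattern: /^\d{4}-\d{2}-\d{2}$/, check: isRealDate },
};

// Reject dates that match the pattern but do not exist (e.g. 30 February).
function isRealDate(s) {
  const [y, m, d] = s.split("-").map(Number);
  const dt = new Date(Date.UTC(y, m - 1, d));
  return dt.getUTCFullYear() === y && dt.getUTCMonth() === m - 1 &&
         dt.getUTCDate() === d;
}

// Validate a parsed form body exactly as the server received it.
// Returns { ok, errors, value }; value holds only known, validated fields.
function validateReportRequest(body) {
  const errors = Object.create(null);
  const value = Object.create(null);
  const input = body !== null && typeof body === "object" ? body : {};
  for (const [name, rule] of Object.entries(RULES)) {
    const raw = input[name];
    if (typeof raw !== "string" || raw.length === 0) { errors[name] = "missing"; continue; }
    if (raw.length > 64) { errors[name] = "too long"; continue; }
    if (rule.pattern && !rule.pattern.test(raw)) { errors[name] = "bad format"; continue; }
    if (rule.oneOf && !rule.oneOf.includes(raw)) { errors[name] = "not allowed"; continue; }
    if (rule.check && !rule.check(raw)) { errors[name] = "invalid value"; continue; }
    value[name] = raw;
  }
  // Fields the form never offers are rejected instead of silently ignored.
  for (const name of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, name)) errors[name] = "unexpected field";
  }
  return { ok: Object.keys(errors).length === 0, errors, value };
}

// Constructed requests: one that went through the form's checks, and one
// submitted with the browser-side checks disabled or altered.
const viaForm = { reportId: "1042", format: "csv", fromDate: "1999-12-21" };
const bypassed = { reportId: "1042x", format: "exe", fromDate: "1999-02-30", admin: "1" };
console.log(validateReportRequest(viaForm));
console.log(validateReportRequest(bypassed));
```
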

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
FAQs on JSP can be found at:
 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
