> offtopic:JavaScript & Security
I'd say it is on topic, pointing to assumptions of dynamic page generation,
the "heart" of JSPs.
As Ross points our, relying on javascript for validation is troubling.
I think the client dependency issue is a little misdirected. Many tutorials
suggest javascript validation; yet, many clients turn off javascript --
pretty dismal if your JSPs assume support.
Does anyone know of tutorials on serverside validation, such as for Sanjay's
question or for determining if the client has enabled/disabled
java/javascript?
Several seem interested in the topic. Please consider posting your replies
to the group.
Phil
-----Original Message-----
From: Radhakrishnan, Sanjay (c) <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, December 21, 1999 9:56 AM
Subject: Re: offtopic:JavaScript & Security
>Ross,
>
> If i am going to do validation on the frontend and do the same on
>the backend/middle tier as well, then im wondering whether i should use
>JavaScript at all to do client side validation. In any case if Im going to
>do serverside validation then I might as well do the validation only on the
>serverside to avoid any overhead on the clientside.
>
> So does all these websites which do ClientSide Validation also do
>the same on the ServerSide.
>
>Thanks for your time
>Sanjay
>-----Original Message-----
>From: Ross Dyson [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, December 21, 1999 11:15 AM
>To: Radhakrishnan, Sanjay (c); [EMAIL PROTECTED]
>Subject: RE: offtopic:JavaScript & Security
>
>
>This is a favourite way to hack web sites, when they rely only on
Javascript
>to secure them. The user only has to turn off javascript in their browser
>to avoid any checking.
>
>You must validate front and back!! Javascript gives instant feedback only.
>
>-----Original Message-----
>From: A mailing list about Java Server Pages specification and reference
>[mailto:[EMAIL PROTECTED]]On Behalf Of Radhakrishnan, Sanjay (c)
>Sent: Tuesday, December 21, 1999 16:14
>To: [EMAIL PROTECTED]
>Subject: offtopic:JavaScript & Security
>
>
>We are planning to develop a system for delivering reports over the web.
>HTML and JavaScript would be used in doing the frontend interface.
>
>My question to the group is this how secure is JavaScript. I understand
that
>one of the most common Uses of JavaScript is doing client side validation.
>But the problem(it maynot be) that i see with JavaScript is that an
>intelligent user can do a view source on the browser change the JavaScript,
>and hence could change the validation rule and could enter incorrect data
>into the system.
>
>Is this a possibility or am i missing something here.
>
>Thanks for your time
>
>Sanjay
>
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
