Phil,
Determining if the client has JavaScript enabled - easy, create a page with
a JavaScript redirect as well as a META refresh tag after a few seconds.
The JavaScript will redirect to page A if JavaScript is enabled, the META
tag will redirect to page B if it is not. For different versions of
JavaScript, just use <SCRIPT LANGUAGE="JavaScript 1.2"> to ensure that only
browsers which support this version of JavaScript execute the code.
Eric M. Andersen
I/T Specialist
IBM Global Services
Tel: (781) 895-2637, Fax : (781) 895-2843, t/line : 362-2637
Internet ID: [EMAIL PROTECTED]
Lotus Notes ID: Eric M Andersen/Waltham/IBM
Phil <[EMAIL PROTECTED]>@JAVA.SUN.COM> on 12/21/99 12:29:37 PM
Please respond to Phil <[EMAIL PROTECTED]>
Sent by: A mailing list about Java Server Pages specification and
reference <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc:
Subject: Re: offtopic:JavaScript & Security
> offtopic:JavaScript & Security
I'd say it is on topic, pointing to assumptions of dynamic page generation,
the "heart" of JSPs.
As Ross points our, relying on javascript for validation is troubling.
I think the client dependency issue is a little misdirected. Many tutorials
suggest javascript validation; yet, many clients turn off javascript --
pretty dismal if your JSPs assume support.
Does anyone know of tutorials on serverside validation, such as for
Sanjay's
question or for determining if the client has enabled/disabled
java/javascript?
Several seem interested in the topic. Please consider posting your replies
to the group.
Phil
-----Original Message-----
From: Radhakrishnan, Sanjay (c) <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, December 21, 1999 9:56 AM
Subject: Re: offtopic:JavaScript & Security
>Ross,
>
> If i am going to do validation on the frontend and do the same on
>the backend/middle tier as well, then im wondering whether i should use
>JavaScript at all to do client side validation. In any case if Im going to
>do serverside validation then I might as well do the validation only on
the
>serverside to avoid any overhead on the clientside.
>
> So does all these websites which do ClientSide Validation also do
>the same on the ServerSide.
>
>Thanks for your time
>Sanjay
>-----Original Message-----
>From: Ross Dyson [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, December 21, 1999 11:15 AM
>To: Radhakrishnan, Sanjay (c); [EMAIL PROTECTED]
>Subject: RE: offtopic:JavaScript & Security
>
>
>This is a favourite way to hack web sites, when they rely only on
Javascript
>to secure them. The user only has to turn off javascript in their browser
>to avoid any checking.
>
>You must validate front and back!! Javascript gives instant feedback
only.
>
>-----Original Message-----
>From: A mailing list about Java Server Pages specification and reference
>[mailto:[EMAIL PROTECTED]]On Behalf Of Radhakrishnan, Sanjay (c)
>Sent: Tuesday, December 21, 1999 16:14
>To: [EMAIL PROTECTED]
>Subject: offtopic:JavaScript & Security
>
>
>We are planning to develop a system for delivering reports over the web.
>HTML and JavaScript would be used in doing the frontend interface.
>
>My question to the group is this how secure is JavaScript. I understand
that
>one of the most common Uses of JavaScript is doing client side validation.
>But the problem(it maynot be) that i see with JavaScript is that an
>intelligent user can do a view source on the browser change the
JavaScript,
>and hence could change the validation rule and could enter incorrect data
>into the system.
>
>Is this a possibility or am i missing something here.
>
>Thanks for your time
>
>Sanjay
>
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
