Arnab Nandi wrote:
>
> But suppose Javascript is enabled, why go about server side validation
> again?
>
You must never trust in users!
Always is posible to get the html file, modificate it, and do something
you were not ready to. Client validation is quick and usefull for
'normal users', but application must be secure enough to do only what
you want it to do.
Carlos
> -----Original Message-----
> From: Joseph Ottinger [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 13, 2001 5:14 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Form processing
>
> Let's all try over-reacting...
>
> Anyway, both sides are correct - you can't rely on Javascript in all
> cases,
> and it's excellent for validating client-side form entry where it's
> available. The result? You validate on the client side when you can, and
> on
> each submission, you STILL check the input for correctness, just in case
> Javascript isn't available. That way, if the client DOES have
> Javascript,
> they have fewer round trips, and if they don't have Javascript, you
> still
> manage to catch errors before they happen.
>
_____________________________________________________
Carlos Teller�a
Area de Inform�tica
Secretar�a General de Sanidad, Consumo y Bienestar Social
Gobierno de Arag�n
Tel.: 976 71 40 00 - ext. 2061
Fax: 976 71 42 11
email: [EMAIL PROTECTED]
____________________________________________________
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
