Is validation on client side enough or do I need both?

2011-04-08 Thread Stephan T
The scenario:
I have a form where you can create a new person by entering a name in a
textbox and clicking a button. When the user clicks the button I grab the
value from the textbox and set it on the Person object. The Person
object validates the value and makes sure the name on the object only
contains a-z. If not, execution stops and an error is presented to the
user. If all is good, I send the Person object via an RPC call to the
server.

The question:
When continuing execution on the server, can I be sure that the name
only contains a-z, or do I have to do server validation as well for
protection from attackers?

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to 
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.



Re: Is validation on client side enough or do I need both?

2011-04-08 Thread nino ekambi
Server validation is always a good thing, no matter which scenario. Don't
trust what's coming from the client.

Best,

Alain

2011/4/8 Stephan T stephan.tern...@gmail.com

> The scenario:
> I have a form where you can create a new person by entering a name in a
> textbox and clicking a button. When the user clicks the button I grab the
> value from the textbox and set it on the Person object. The Person
> object validates the value and makes sure the name on the object only
> contains a-z. If not, execution stops and an error is presented to the
> user. If all is good, I send the Person object via an RPC call to the
> server.
>
> The question:
> When continuing execution on the server, can I be sure that the name
> only contains a-z, or do I have to do server validation as well for
> protection from attackers?


-- 

GWT API for the Flash Platform
http://code.google.com/p/gwt4air/
http://www.gwt4air.appspot.com/




Re: Is validation on client side enough or do I need both?

2011-04-08 Thread Ben Imp
Never trust a client.

-Ben

On Apr 8, 6:52 am, Stephan T stephan.tern...@gmail.com wrote:
> The scenario:
> I have a form where you can create a new person by entering a name in a
> textbox and clicking a button. When the user clicks the button I grab the
> value from the textbox and set it on the Person object. The Person
> object validates the value and makes sure the name on the object only
> contains a-z. If not, execution stops and an error is presented to the
> user. If all is good, I send the Person object via an RPC call to the
> server.
>
> The question:
> When continuing execution on the server, can I be sure that the name
> only contains a-z, or do I have to do server validation as well for
> protection from attackers?




Re: Is validation on client side enough or do I need both?

2011-04-08 Thread Diego Lovison
If it is the same validation... I will create a shared class like
FieldValidation on GwtExample

On Apr 8, 10:17, Ben Imp benlee...@gmail.com wrote:
> Never trust a client.
>
> -Ben
>
> On Apr 8, 6:52 am, Stephan T stephan.tern...@gmail.com wrote:
>
>> The scenario:
>> I have a form where you can create a new person by entering a name in a
>> textbox and clicking a button. When the user clicks the button I grab the
>> value from the textbox and set it on the Person object. The Person
>> object validates the value and makes sure the name on the object only
>> contains a-z. If not, execution stops and an error is presented to the
>> user. If all is good, I send the Person object via an RPC call to the
>> server.
>>
>> The question:
>> When continuing execution on the server, can I be sure that the name
>> only contains a-z, or do I have to do server validation as well for
>> protection from attackers?




Re: Is validation on client side enough or do I need both?

2011-04-08 Thread Diego Lovison
or http://code.google.com/p/google-web-toolkit/wiki/BeanValidation

On Apr 8, 10:17, Ben Imp benlee...@gmail.com wrote:
> Never trust a client.
>
> -Ben
>
> On Apr 8, 6:52 am, Stephan T stephan.tern...@gmail.com wrote:
>
>> The scenario:
>> I have a form where you can create a new person by entering a name in a
>> textbox and clicking a button. When the user clicks the button I grab the
>> value from the textbox and set it on the Person object. The Person
>> object validates the value and makes sure the name on the object only
>> contains a-z. If not, execution stops and an error is presented to the
>> user. If all is good, I send the Person object via an RPC call to the
>> server.
>>
>> The question:
>> When continuing execution on the server, can I be sure that the name
>> only contains a-z, or do I have to do server validation as well for
>> protection from attackers?

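Added example, not part of any message in this thread: a sketch of the shared-validator idea suggested above, where one rule is written once and the server re-runs it on every incoming object. The names NameValidator, Person, createPerson and the 64-character limit are assumptions for illustration, written as plain Java rather than against the GWT RPC classes.

```java
import java.io.Serializable;

public class SharedValidationDemo {

    /** Shared rule: in a GWT project this class would sit in the "shared" package. */
    static final class NameValidator {
        static final int MAX_LEN = 64; // assumption: the thread gives no length limit

        static boolean isValid(String name) {
            if (name == null || name.isEmpty() || name.length() > MAX_LEN) return false;
            for (int i = 0; i < name.length(); i++) {
                char c = name.charAt(i);
                if (c < 'a' || c > 'z') return false; // only a-z, as in the question
            }
            return true;
        }
    }

    /** DTO sent over RPC. The setter check runs only in code the client chooses to run. */
    static final class Person implements Serializable {
        String name; // deserialization can populate this without calling setName

        void setName(String name) {
            if (!NameValidator.isValid(name)) throw new IllegalArgumentException("invalid name");
            this.name = name;
        }
    }

    /** Server side of the RPC call (hypothetical service method). */
    static String createPerson(Person p) {
        // Re-check on the server: the request may not come from our compiled client at all.
        if (p == null || !NameValidator.isValid(p.name)) {
            throw new IllegalArgumentException("rejected: name must be a-z");
        }
        return "created " + p.name;
    }

    public static void main(String[] args) {
        Person honest = new Person();
        honest.setName("alice");
        System.out.println(createPerson(honest));

        Person forged = new Person(); // constructed sample: stands in for a hand-built request
        forged.name = "bob123!";      // the setter never ran
        try {
            createPerson(forged);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The client-side call to setName stays useful for immediate feedback to the user; the check inside createPerson is the one the server relies on.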