subject:"re\[2\]\: ValidateAt parameter is effectively only client side \(was\: re\[2\]\: \[ACFUG Discuss\] Password CFinput regular expression \- throws alert\/error after correction also\)"

Re: re[2]: ValidateAt parameter is effectively only client side (was: "re[2]: [ACFUG Discuss] Password CFinput regular expression - throws alert/error after correction also")

2009-03-10 Thread Dean H. Saxe

Yes. Look at how its done by Struts and the Apache Commons Validator platform. -dhs Dean H. Saxe, CISSP, CEH d...@fullfrontalnerdity.com "Dissent is the purest form of patriotism." --Thomas Jefferson On Mar 10, 2009, at 12:35 PM, Mischa Uppelschoten ext 10 wrote: Sorry for the confusi

re[2]: ValidateAt parameter is effectively only client side (was: "re[2]: [ACFUG Discuss] Password CFinput regular expression - throws alert/error after correction also")

2009-03-10 Thread Mischa Uppelschoten ext 10

Sorry for the confusion. My point is that even though the server does perform validation, it does so only at the command of the client (hidden field). Effectively, it is therefore still client side validation. I believe it gives a false sense of security (to myself included) since it's so easily