Deb Shuvabrata wrote:
>
> Consider a date validation on an HTML page.
>
You can't depend on client-side validation. Since the users
have control of the client, the users can do any perverse
thing they want, and there's no way to always catch them.
So assume all the data coming from the client is trashed and
revalidate it on the server-side.
> Is there any way I can find out from my ... if the request
> came from a JavaScript enabled browser or not.
>
No. A malicious user can always fake it, see part 1. ('But
we don't have any malicious users' is not a good excuse,
since stupidity is often indistinguishable from malice :-)
Make sure to always validate on the server side, and you
don't have to worry about javascript being turned off...
--
Christopher St. John [EMAIL PROTECTED]
DistribuTopia http://www.distributopia.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
