Michael Brubaker wrote: > > Javascript is excellent validation tool >
But you still have to validate all the input on the server side. Client-side validation is great, but not sufficient. It's easy to forget that web browsers are just one potential client for your site. Some people will use download apps like wget. Some people will write little apps that do nothing but submit bad input in an attempt to crash your server or trash your database. Some people might just be using broken browsers. Example: just because you limit the HTML input field length to 80 characters doesn't mean that's what's going to be coming across the wire. If you don't want a brittle, easy to hack site, you've got to validate all the input on the server side. -- Christopher St. John [EMAIL PROTECTED] DistribuTopia http://www.distributopia.com ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
