I agree with Steve, but there is a much simpler possibility that the JS validation does not work: The user can just switch it off in the browser. This might not be just to bypass validation, but maybe just for security reasons, so for a business critical apllications I'd discourage anyone from using it, if you have something like a guestbook, and the validation fails and you end up with something like an entry without email address, so what.
Bernhard > -----Ursprüngliche Nachricht----- > Von: Steve Kirk [mailto:[EMAIL PROTECTED] > Gesendet: Dienstag, 24. Mai 2005 20:02 > An: 'Tomcat Users List' > Betreff: RE: Validation Frame work > > > David is right, JS and serverside validation perform > different roles. To > expand on his comment a bit more, remember that the requests that your > webapp receives could be sent by any HTTP client, not necessarily by a > friendly web browser. If someone were so inclined, they > could write their > own HTTP client to interact with your webapp, that aimed to > deliberately > submit bad data to your servlet, in which case your JS > validation would have > been bypassed. What they can't do is bypass your serverside > validation (or > at least this is much harder). > > Just one trick that such nasty people might try is to insert > JS code in any > form fields that you let them create or edit. If this field > data is then > "displayed" in other pages of your app, this might cause > anyone viewing that > page on your site to download a trojan/virus/etc. It's > really very easy to > do. And this is only one such exploit. There are many others. > > > -----Original Message----- > > From: David Smith [mailto:[EMAIL PROTECTED] > > Sent: Tuesday 24 May 2005 16:19 > > To: Tomcat Users List > > Subject: Re: Validation Frame work > > > > > > Because you should never trust the client. They may not be > submitting > > from your form. Javascript is just a nicety to save the > user a whole > > request/response cycle just to find out a field is missing > or wrong. > > Consider it a security issue. > > > > -- David > > > > raja buddha wrote: > > > > > Hi all > > > In struts why do we need validation frame work we have > java script > > > to do validations. Is there any extra advantage of using > > the validation > > > frame work > > > > > > raj > > > > > > _________________________________________________________________ > > > On the road to retirement? Check out MSN Life Events for > > advice on how > > > to get there! > http://lifeevents.msn.com/category.aspx?cid=Retirement > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
