Menu
Is there any high level reason to have both client side and server side validations for a web application ?
552
Because your client side validation may be subverted.
For example - on the web, if you are using javascript for validation, it is very easy to either turn javascript off, or change how it works using tools such as FireBug.
Event with other client/server methods, it is possible for the data link to be subverted and the "validated" data can be changed on the way to the server (Man In The Middle attack).
In general, the maxim "never trust the client" is the reason that you need to always validate on the server.
You may ask in that case, why validate on the client? In order to provide immediate feedback.
147
User can modify the validation javascript locally (save the page and do anything with it) or javascript can be turned off in browser. So in this case client-side validation is useless. Hence, you should verify on server too
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
