我应该做多少验证?
[英]How much validation should I do?
问题描述
I have an angular client that has a form that sends requests to an api service that has the following components: 
我有一个有角度的客户端,该客户端的形式将请求发送到具有以下组件的api服务:
- Form 形成
- Controller 调节器
- Service 服务
I can trigger validations on each of them but should I be doing that or applying validation on the From is sufficient? 我可以触发每个验证,但是我应该这样做还是在From上应用验证就足够了?
2 个解决方案
解决方案1
1 已采纳 2015-10-22 09:32:24
In my opinion you should be validating on every layer you have listed. 我认为您应该在列出的每个层上进行验证。
Anyone can easily modify the HTML of a form to bypass any client validation, just turn of JS. 任何人都可以轻松地修改表单的HTML,以绕过任何客户端验证,只需打开JS。 So you should also be ensuring that in the controller you have the correct data. 因此,您还应确保在控制器中具有正确的数据。
Your service, I am assuming this might be accessible from other places/applications, so it should be enforcing the same/similar validation in the service to make sure you application is consistent with it's data. 我假设您的服务可以从其他地方/应用程序访问,因此应该在服务中强制执行相同/相似的验证,以确保您的应用程序与其数据一致。
Doing it this way will make sure no 'bad' data gets through your whole stack. 以这种方式进行操作将确保没有“坏”数据通过整个堆栈。
解决方案2
0 2015-10-22 09:31:35
Forms is not sufficient, someone can disable javascript or make changes in the objects. 表单是不够的,有人可以禁用javascript或在对象中进行更改。 Do atleast Forms and Service 做至少表格和服务
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.