
Server-side User Input Validation

We work with SAP-Fiori / SAPUI5 / OpenUI5. Those frameworks are based on JS only. Due to manipulation issues on JS, we must not validate user inputs only via JS / through the frontend. So a dev gave me the advice to verify and validate user inputs (e.g. through a form) via stored procedures.

Is this a good practice? Thanks for any help!

There are checks which can be performed in the frontend and there are checks which can be performed in the backend.

frontend: You can do basic input validation, like zip count, if the value is not longer than x digits. Or you can check that it is of the right type. You can filter out bad characters and so on.

backend: this is where you can check the pre-checked inputs against some data from backend systems, e.g. if the id of the user exists, authorization and so on.

So you can still do some frontend checks for basic input, and security-related things in the backend.
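The split described in the answer above, as an added example that is not part of the original post: a server-side validator that repeats the basic format checks (the client's JavaScript can be bypassed) and then runs the checks that need backend data. The `USERS` store, the field names, the role name and the 5-digit zip rule are assumptions made for illustration.

```javascript
// Constructed sample data standing in for a backend user table (assumption).
const USERS = new Map([
  ["u1001", { roles: ["address.edit"] }],
  ["u1002", { roles: [] }],
]);

// Syntactic checks: the same rules a frontend may apply, repeated on the
// server because the request may not come from the unmodified UI at all.
function checkSyntax(body) {
  if (typeof body !== "object" || body === null) {
    return ["body must be an object"];
  }
  const errors = [];
  if (typeof body.userId !== "string" || !/^u\d{4}$/.test(body.userId)) {
    errors.push("userId: expected 'u' followed by 4 digits");
  }
  // Type check first: a JSON number 12345 is rejected, only a string passes.
  if (typeof body.zip !== "string" || !/^\d{5}$/.test(body.zip)) {
    errors.push("zip: expected exactly 5 digits");
  }
  // Allow-list of characters instead of trying to strip "bad" ones.
  if (typeof body.city !== "string" || !/^[\p{L} .'-]{1,50}$/u.test(body.city)) {
    errors.push("city: 1-50 letters, spaces, dot, apostrophe or hyphen");
  }
  return errors;
}

// Semantic checks: these need backend data, so only the server can do them.
function checkAgainstBackend(body, sessionUserId) {
  const user = USERS.get(body.userId);
  if (!user) return { status: 404, errors: ["unknown user"] };
  if (body.userId !== sessionUserId) {
    return { status: 403, errors: ["record belongs to another user"] };
  }
  if (!user.roles.includes("address.edit")) {
    return { status: 403, errors: ["missing role address.edit"] };
  }
  return { status: 200, errors: [] };
}

// Entry point a request handler would call before touching the database.
function validateAddressUpdate(body, sessionUserId) {
  const errors = checkSyntax(body);
  if (errors.length > 0) return { status: 400, errors };
  return checkAgainstBackend(body, sessionUserId);
}
```

`sessionUserId` must come from the authenticated server-side session, never from the request body.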
