输入验证是针对企业应用程序的客户端还是服务器端?
[英]Should input validation be client-side or server-side for Enterprise applications?
问题描述
I know maybe there's question about validation in client or server. 
我知道也许存在有关客户端或服务器中验证的问题。 but this one for Enterprise applications such as Sales, Clients systems 但这是针对企业应用程序(例如销售,客户系统)的
Should the input validation like number, strings, dates be in client-side ? 输入验证(例如数字,字符串,日期)应该在客户端吗? or strongly be in both ? 还是两者兼而有之? or in server-side only. 或仅在服务器端。
Reason of asking is : 询问原因是:
- I see some professional accountants who can change some of input tags by Inspect browser. 我看到一些专业会计师可以通过Inspect浏览器更改某些输入标签。 some of them change the change the debit value of transaction which is limited by client-side validation. 其中一些更改了交易借方值的更改,该更改受客户端验证的限制。
- Some guys who works as end-users also try to change dates to previous duration by Inspect ( do something in client ) ! 一些作为最终用户的人还尝试通过Inspect将日期更改为以前的持续时间(在客户端中执行某些操作)! and that not allowed and all web-based make these validation from client-side. 并且不允许这样做,并且所有基于Web的功能都从客户端进行这些验证。
In server-side validations example( Check for branch if exists, check if Store Exists. no problem happened at these scenarios because its server-side already. ) i don't speak about these points ( which related to Database things ) 在服务器端验证示例中(检查分支是否存在,检查存储是否存在。由于服务器端已经存在,因此在这些情况下没有问题。)我不谈论这些要点(与数据库相关)
Again. 再次。 sorry for asking question as this. 很抱歉这样问。 but please give opinions from people who works on Enterprise solutions will help me to take a choice. 但是请提供有关企业解决方案工作人员的意见,这将帮助我做出选择。
1 个解决方案
解决方案1
6 已采纳 2019-04-25 18:55:14
Always validate all user data on the server side. 始终在服务器端验证所有用户数据。 Like in ALWAYS and ALL . 就像总是和所有 。
Client side validation is only for UX. 客户端验证仅适用于UX。
Edit: added all 编辑:全部添加
PS: You can't trust the user PS:您不能信任用户
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.