JavaScript验证还是ASP验证?
[英]Javascript Validation or ASP Validation?
问题描述
I was talking to a co-worker and we had a discussion on client side validation. 
我正在与同事交谈,我们讨论了客户端验证。
Which validation method is better (javascript/asp.net validation)? 哪种验证方法更好(javascript / asp.net验证)?
I know when javascript is disabled on the browser then validation would be disabled but with asp.net validation control, you can just call the method page.validate() to do validation even though javascript is disabled. 我知道在浏览器上禁用javascript时将禁用验证,但是使用asp.net验证控件,即使禁用了javascript,也可以仅调用方法page.validate()进行验证。
4 个解决方案
解决方案1
7 2009-09-16 20:38:33
You should always do server-side validation or you risk injection attacks. 您应该始终进行服务器端验证,否则可能会遭受注入攻击。
JavaScript validation is nice-to-have and prevents unnecessary round-trips to the server, but it can be disabled like you point out. JavaScript验证很不错,可以防止不必要的服务器往返,但是可以像您指出的那样禁用它。
解决方案2
3 2009-09-16 20:36:56
Do both. 两者都做。
JavaScript gives near immediate results. JavaScript提供了近乎即时的结果。
ASP.NET validation is the solution for bullet-proofing/fool-proofing/spoof-proofing. ASP.NET验证是防弹/防呆/防欺骗的解决方案。 It is a must to have. 这是必须拥有的。
解决方案3
3 已采纳 2009-09-16 21:13:14
Use server side validation for data integrity and security. 使用服务器端验证来确保数据完整性和安全性。 Use client side validation for usability. 使用客户端验证来提高可用性。 Server side should always be used. 服务器端应始终使用。 But client side validation should be used as a way to enhance value to users. 但是,应将客户端验证用作增加用户价值的一种方式。 I make a dumb typo I want the app to be smart enough to catch my mistake. 我犯了一个愚蠢的错字,我希望该应用程序足够智能以捕获我的错误。 If you expect your users to always do the most unexpected things you will have a good strategy. 如果您希望用户总是做最出乎意料的事情,那么您将有一个很好的策略。 Although there are many smart people using the web. 尽管有很多聪明的人在使用网络。 If you start with the assumption that it mostly just monkeys typing random stuff into the computer then your code and project will be more robust. 如果您假设大多数情况下只是猴子在计算机中键入随机内容,那么您的代码和项目将更加健壮。 And when it comes to publicly facing websites and bot nets, the monkey analogy is not that far off. 当涉及到面向公众的网站和僵尸网络时,猴子的类比离我们并不遥远。 It really is just random stuff entering through your forms. 这实际上只是通过表单输入的随机内容。
解决方案4
1 2009-09-16 20:41:35
You have to do server side validation. 您必须执行服务器端验证。 Imagine your user has js disabled, it could mess up your database. 假设您的用户禁用了js,它可能会破坏您的数据库。 You also risk all kind of injection attacks. 您还冒着各种注入攻击的风险。
That said, in some cases inline validation is nice because it gives the user an immediate feedback, improving the usability. 就是说,在某些情况下,内联验证非常好,因为它可以为用户提供即时反馈,从而提高了可用性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.