使用客户端脚本进行验证?
[英]Using Client Side Scripts for validations?
问题描述
I'm making an asp.net/c# web application and i would like to know is Client Side Scripts for validations enough and secure using js ? 
我正在制作一个asp.net/c# Web应用程序,我想知道使用js进行验证的客户端脚本是否足够且安全? what do you think and what do you suggest ? 您如何看待,并提出什么建议? thanks 谢谢
3 个解决方案
解决方案1
3 2011-04-11 09:59:59
Client Side Scripts for validations enough and secure using js ?
No, client side validation only is not secure enough as users can disable javascript. 不可以,仅客户端验证不够安全,因为用户可以禁用javascript。 You need to perform at least server side validation. 您至少需要执行服务器端验证。 Client side validation is only for convenience, avoid sending values to the server and preserve bandwidth, responsiveness of the UI, ... but not for security. 客户端验证仅是为了方便起见,避免将值发送到服务器,并保留带宽,UI的响应性,但不是为了安全。
解决方案2
2 已采纳 2011-04-11 10:00:23
Using client side scripting for this is essentially asking the client to check that the user who controls the client isn't doing anything bad. 为此,使用客户端脚本实际上是在要求客户端检查控制客户端的用户是否做得很好。
It is very convenient for users who did bad things by accident but no defense at all against users trying to do bad things deliberately. 对于意外地做坏事的用户来说非常方便,但是对于试图故意做坏事的用户完全没有防御力。
Do all your checks server side, then consider adding extra client side checks to speed things up for the users. 在服务器端进行所有检查,然后考虑添加额外的客户端检查以加快用户处理速度。
解决方案3
0 2011-04-11 10:00:46
You can't rely on these as users can simply turn off Javascript. 您不能依赖这些,因为用户可以简单地关闭Javascript。 ALWAYS PERFORM SERVER SIDE VALIDATION!!! 始终执行服务器端验证!!!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.