Should input validation be client-side or server-side for Enterprise applications?
Question
I know maybe there's question about validation in client or server. but this one for Enterprise applications such as Sales, Clients systems
Should the input validation like number, strings, dates be in client-side ? or strongly be in both ? or in server-side only.
Reason of asking is :
- I see some professional accountants who can change some of input tags by Inspect browser. some of them change the change the debit value of transaction which is limited by client-side validation.
- Some guys who works as end-users also try to change dates to previous duration by Inspect ( do something in client ) ! and that not allowed and all web-based make these validation from client-side.
In server-side validations example( Check for branch if exists, check if Store Exists. no problem happened at these scenarios because its server-side already. ) i don't speak about these points ( which related to Database things )
Again. sorry for asking question as this. but please give opinions from people who works on Enterprise solutions will help me to take a choice.
1 answers
solution1
6 ACCPTED 2019-04-25 18:55:14
Always validate all user data on the server side. Like in ALWAYS and ALL .
Client side validation is only for UX.
Edit: added all
PS: You can't trust the user
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.