Why use @Valid in Spring MVC when HTML5 Validation exists
Question
Why to use @valid annotation when HTML5 validation exists on the page?
We could focus on business logic rather than adding extra controllers to validate. Is it because there are any bugs using of web pages?
2 answers
solution1
2 2020-04-16 12:19:22
You can't have the server depend on client validation,
If user use old page without validation or user will send request to server directly (or user manipulate HTML as @Chris comment),
Then the validation won't take place and
Server validation make sure you keep your data integrity
It also prevent malicious attacks as SQL injection (if you aren't using PrepareStatement for example)
solution2
0 2020-04-16 12:22:05
The actual data submission request can be intercepted, captured, changed, and replayed. During the replay, a malicious user can change the body of the request to submit just any data they wish. Irrespective of front end technology and framework, your back end will eventually end up receiving a data request. It's how you treat the content of that request that makes a difference. That's why every bit of data submitted by your user has to be validated on your back end.
TLDR;: Never trust the data submitted by the user.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.