Server side validation in java
Question
Can any one explain me the need and scenarios of server-side validation in java. why can't we use the validation at the client-side using javascript?
3 answers
solution1
5 2012-04-30 08:18:25
Because an attacker can bypass client-side validation by simply disabling JavaScript or calling your server with external tools like httpclient or curl . Finally with tools like firebug one can submit virtually anything.
Also it makes your GUI much more responsive as you don't have to reload the page every time a user tries to submit the form (so moreover, it reduces the network traffic and server load).
solution2
2 2012-04-30 08:18:51
Client side validation is good for a better user experience, if he made an error, there's no need to send an HTTP request to find that out.
For example - if the user name should be at least 3 characters long, and the user enters 2, you can immediately tell to the user that there's a problem.
Server side validation protect the server from corrupted / malicious requests, that might be sent by dishonest users.
For example - if the user tries to execute a query that he shouldn't using SQL injection, you can prevent it in the server side, since he may not send the query through you web site, but from a different client.
solution3
1 2012-04-30 08:18:50
Mainly for security reasons. If somehow, someone manages to modify your client and bypass validation, you could seriously compromise your server.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.