All user input data validation should occur on the server and minimally on the client-side, though it is a good way to reduce server load and network traffic because we can ensure that only data of the appropriate type is submitted from the form. It is totally insecure. The user can view the code used for validation and create a workaround for it. Secondly, the URL of the page that handles the data is freely visible in the original form page. This will allow unscrupulous users to send data from their own forms to your application. Client-side validation can sometimes be performed where deemed appropriate and feasible to provide a richer, more responsive experience for the user.
No comments:
Post a Comment