• Subject: Re: CGI Fact Finding Mission (Need Input)
  • From: "Joe Teff" <jteff19@xxxxxxx>
  • Date: Fri, 19 Nov 1999 22:56:50 -0600

> You pointed out that JavaScript can be used to verify
> input before being sent to the server.  Does that mean
> you have no input verification on the server side?  If
> so, are you not concerned about crackers sending faulty
> or malicious data directly to your server?  Even if you
> put some verification on the client side, you still have
> to verify data on the server side anyways.
> My main point is that when designing a web page, you
> should never make any assumptions about the capabilities
> of the browser, including support for cookies, Java, and
> JavaScript.

I use JavaScript to edit as much as possible in the browser.
I also do 100% editing/validation at the server. The reason
I try to validate at the browser is that I try to eliminate as
much traffic as possible. If I can have 50% of the potential
errors caught and fixed at the browser, then I've saved the
time to send an error back to the browser and then to
resend the page. If JavaScript is turned off, them I'll still
catch it at the browser - just takes more time (and
frustration to the user).

Joe Teff 

| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].