Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
784 views
in Technique[技术] by (71.8m points)

security - So is it safe to validate form on client-side only?

Of course, I know that server-side validation is a MUST.

I'm using jQuery to validate form inputs and using jquery ajax to do server-side(PHP) validation at the same time. So I guess it may be safe since it's validating for both sides while javascript is enabled.

Well, here is my problem...

But what if the user has javascript disabled on his browser and if some bad guys try to do something bad from editing my client-side script?

Because i'm making server-side validation through jquery ajax, and i'm planning not to validate them directly in php script(action="some.php") even user's javascript is enabled.

So... does it is still safe?

Sorry for my bad english, hope you don't mind.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

No, it is not safe. You should always validate your data on the server side, after the form has been submitted. Client-side validation and AJAX validation before submitting the form are only enhancing the user experience, by providing quicker feedback on invalid data. Both client-side validation and AJAX pre-submit validation do not and can not protect you from a maliciously crafted form submission. Attackers and abusers usually don't even use a browser in order to submit data to your server.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...