So.. what does everyone on this list do? Use JS and AJAX? Not use JS and AJAX? Constantly build JS-enabled/JS-disabled redundant apps and sites? Use JS and AJAX only where it failure doesn't matter?
-----Original Message----- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 17, 2007 7:18 AM To: CF-Talk Subject: Re: Client-side validation or Server-side Validation? Rick Faircloth wrote: >> A lot of form data validation can be completely contained within the client >> using JavaScript, > > But isn't this scenario assuming that JS is available? I thought the argument > was that one has to assume that JS isn't available and a complete server-side > validation routine would have to be in place. The argument is that one has to assume that the javascript in the browser is under control of the user and can not be trusted, even if it is present. > It seems that most on the list have been saying use the client-side JS for > user experience enhancement, but assume JS is not available. In that case, > I'd need to run server-side validation on everything anyway... Regardless of the availability of javascript, you always need server-side validation for security issues. Feel free to point me to a "javascript required" website with all javascript validation you have running and I will gladly demonstrate that need ;) Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 and Flex 2 Build sales & marketing dashboard RIAâs for your business. Upgrade now http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275537 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4