What he's saying is that you can't assume the validation values you are passing have not been altered, which would allow a user to change or eliminate the validation and save bad data. The validation rules should be specified on the server. The only thing you're relying on the client for is posting the form data to the server (form data which you must assume is invalid until you validate it on the server).
On 8/14/07, Josh Nathanson <[EMAIL PROTECTED]> wrote:
>
> > You should never rely on the client to provide server-side validation
> > rules.
> > Responses from the client can be easily altered which could cause your
> > server-side validation rules to be overwritten and ignored.
>
> Dan - can you describe a scenario in which a hidden form field would get
> altered by an ordinary Joe? I haven't had any issues yet, but if it's a
> realistic possibility then I'll need to change my implementation.
>
> It seems like you have to rely on the client to some degree when
> processing a form.
>
> -- Josh

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286172
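The point made in this thread, as an added example that is not code from any poster: a handler that takes its list of fields to validate from a hidden form field, beside one that keeps the rules on the server. It is written in Python rather than ColdFusion so it runs stand-alone; the form name, field names, the hidden `validate_fields` field and the rule table are all hypothetical.

```python
from urllib.parse import parse_qs

# Server-side rule table (hypothetical form and field names). Never sent to the client.
SERVER_RULES = {
    "signup": {
        "email": {"required": True, "max_len": 254, "must_contain": "@"},
        "age": {"required": True, "integer_range": (13, 120)},
    }
}

def check(value, rule):
    """Return an error string for one field, or None if the value passes."""
    if value is None or value == "":
        return "required" if rule.get("required") else None
    if "max_len" in rule and len(value) > rule["max_len"]:
        return "too long"
    if "must_contain" in rule and rule["must_contain"] not in value:
        return "bad format"
    if "integer_range" in rule:
        lo, hi = rule["integer_range"]
        if not (value.isascii() and value.isdigit() and lo <= int(value) <= hi):
            return "out of range"
    return None

def parse_form(body):
    """Decode a urlencoded POST body into a flat dict (first value per field)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def validate_trusting_client(body):
    """Anti-pattern: which fields get checked is read from a hidden form field."""
    form = parse_form(body)
    to_check = [f for f in form.get("validate_fields", "").split(",") if f]
    rules = SERVER_RULES["signup"]
    return {f: e for f in to_check if f in rules and (e := check(form.get(f), rules[f]))}

def validate_server_side(form_name, body):
    """Rules come only from the server; the posted body is treated as data."""
    form = parse_form(body)
    rules = SERVER_RULES[form_name]
    return {f: e for f, r in rules.items() if (e := check(form.get(f), r))}

# Constructed POST bodies: the form as rendered, and one with the hidden field emptied.
AS_RENDERED = "email=not-an-email&age=7&validate_fields=email,age"
ALTERED = "email=not-an-email&age=7&validate_fields="

if __name__ == "__main__":
    print("client-supplied rules, as rendered:", validate_trusting_client(AS_RENDERED))
    print("client-supplied rules, altered:    ", validate_trusting_client(ALTERED))
    print("server-side rules, altered:        ", validate_server_side("signup", ALTERED))
```

With the hidden field emptied, the first handler reports no errors for the same bad data, while the server-side handler still rejects both fields.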