On Wednesday, 30 April 2014 at 17:23:39 UTC, Byron wrote:
Client side validation should only be used for giving users
immediate feedback and saving cycles. You do know I can look at
your js, find all of your ajax calls and send whatever data I
want, right..
If the security model depends on code being hidden then there is
something very wrong with it.
The database should do all the veracity checks and apply all the
consistency constraints. The server should merely prepare the
data. If any constraint triggers, the transaction is rolled back.
This becomes even more important when you have multiple servers
and versions of the server software maintained by various
divisions writing to the same database.
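
The arrangement described in the reply above, as an added example that is not part of the original thread: the constraints live in the schema, the server-side function does no validation of its own, and any constraint that triggers rolls back the whole transaction. It assumes SQLite through Python's `sqlite3` module; the `account`/`transfer` schema, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed schema: the rules live in the database, not in any one server.
SCHEMA = """
CREATE TABLE account (
    id      INTEGER PRIMARY KEY,
    owner   TEXT NOT NULL UNIQUE CHECK (length(owner) BETWEEN 1 AND 32),
    balance INTEGER NOT NULL CHECK (balance >= 0)
);
CREATE TABLE transfer (
    id     INTEGER PRIMARY KEY,
    src    INTEGER NOT NULL REFERENCES account(id),
    dst    INTEGER NOT NULL REFERENCES account(id),
    amount INTEGER NOT NULL CHECK (amount > 0),
    CHECK (src <> dst)
);
"""

def open_db():
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK enforcement off by default
    db.executescript(SCHEMA)
    db.execute("INSERT INTO account (id, owner, balance) "
               "VALUES (1, 'alice', 100), (2, 'bob', 20)")  # constructed sample rows
    return db

def transfer(db, src, dst, amount):
    """A server that only prepares data: it deliberately validates nothing."""
    try:
        db.execute("BEGIN IMMEDIATE")
        db.execute("INSERT INTO transfer (src, dst, amount) VALUES (?, ?, ?)",
                   (src, dst, amount))
        db.execute("UPDATE account SET balance = balance + ? WHERE id = ?", (amount, dst))
        db.execute("UPDATE account SET balance = balance - ? WHERE id = ?", (amount, src))
        db.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        db.execute("ROLLBACK")  # also undoes the transfer row and the credit to dst
        return False

def balances(db):
    return dict(db.execute("SELECT owner, balance FROM account ORDER BY id"))

if __name__ == "__main__":
    db = open_db()
    print(transfer(db, 1, 2, 30), balances(db))   # accepted
    print(transfer(db, 1, 2, 500), balances(db))  # overdraft: rolled back
    print(transfer(db, 1, 99, 5), balances(db))   # unknown account: rolled back
```

Because the checks sit in the schema, a second server or an older version of the server software writing to the same database hits the same constraints without carrying its own copy of them.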