Yes Charlie, but the server side is dependent upon receiving a flag from the client to tell the server what to validate, if I recall correctly. So effectively, it is still client-side validation.

-dhs


Dean H. Saxe, CISSP, CEH
d...@fullfrontalnerdity.com
"I have always strenuously supported the right of every man to his own opinion, however different that opinion might be to mine. He who denies another this right makes a slave of himself to his present opinion, because he precludes himself the right of changing it."
    -- Thomas Paine, 1783


On Feb 12, 2009, at 11:39 AM, Charlie Arehart wrote:

Just to be clear, Ajas's use of validateat="onblur,onsubmit,onserver" does in fact do both client- and server-side validation, but no doubt the whole subject of validation (client and server-side) is indeed important and deserves careful scrutiny from a security perspective.

On a separate topic, I realize some don't like CF's validation (not saying this is Dean's issue here) and CFForm in general, but some may find that it's improved quite a bit over the years and has things they never realized
(and which have nothing to do with Flash or Java).

To that end, check out the 2-page article I did in my backpage column of the FAQU back in late 2007, which lists 11 bullet points highlighting those
features:

Tipical Charlie: CFFORM: Are You Sure You Want to Ignore It?
http://www.carehart.org/articles/faqu_4_tips_cfform.pdf

Hope that's helpful.

/charlie

-----Original Message-----
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
Sent: Thursday, February 12, 2009 11:08 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] weird cfinput vs input stuff. date is shown as
{d '2009-02-12'} vs 02/12/2009

Plus it's a completely useless client-side check which needs to be
repeated server-side as well if you want any assurance that validation
was successful.

-dhs



-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
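The concern raised at the top of this thread, modelled as an added example that is not part of the original messages and is not ColdFusion's actual implementation: a handler that runs only the checks the request names, next to one whose rules live on the server. The `__validate` hidden-field suffix, the rule names and the sample requests are hypothetical and constructed for illustration.

```python
from datetime import datetime

def is_date(value):
    """True if value is an MM/DD/YYYY date (the format in the thread subject)."""
    try:
        datetime.strptime(value, "%m/%d/%Y")
        return True
    except (TypeError, ValueError):
        return False

CHECKS = {"date": is_date, "required": lambda v: bool(v and v.strip())}

# Server-owned rules: defined in server code, never read from the request.
SERVER_RULES = {"start_date": ["required", "date"]}

def validate_client_directed(form):
    """Model of the concern: the request itself names the checks to run,
    through hypothetical hidden fields such as 'start_date__validate=date'."""
    errors = []
    for key, rule in form.items():
        if not key.endswith("__validate"):
            continue
        field = key[: -len("__validate")]
        check = CHECKS.get(rule)
        # An unknown rule name is treated as a failure, not silently skipped.
        if check is None or not check(form.get(field)):
            errors.append((field, rule))
    return errors

def validate_server_owned(form):
    """Every rule in SERVER_RULES runs regardless of what the client sent."""
    errors = []
    for field, rules in SERVER_RULES.items():
        for rule in rules:
            if not CHECKS[rule](form.get(field)):
                errors.append((field, rule))
    return errors

# Constructed sample requests (not captured traffic).
browser_post = {"start_date": "02/12/2009", "start_date__validate": "date"}
bad_with_flag = {"start_date": "not-a-date", "start_date__validate": "date"}
bad_without_flag = {"start_date": "not-a-date"}  # directive field absent

if __name__ == "__main__":
    for name, req in [("browser", browser_post), ("flag", bad_with_flag),
                      ("no flag", bad_without_flag)]:
        print(name, validate_client_directed(req), validate_server_owned(req))
```

The request without the directive field produces no errors from the client-directed handler, while the server-owned handler rejects it on the same input.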





