Hi,
>In my case, I do both client-side (to the degree possible) and server-side
>authentication. Why?
>
>* Client side validation improves the user experience by catching things
> quickly, before the submit-error-fix-resubmit loop happens. Of course,
> you cannot catch everything, and not every user will have JavaScript
> enabled.
>
>* Server-side validation should be considered imperative. How do YOU
> know the client has JavaScript turned on? How do YOU know that the
> client submitting this request is even a browser? It might be a
>customer's
> application, where you're using the web application to create a B2B
> integration link.
I agree to a point. Our case is special..we have a check on the very first
page they go to that says if their browser is <4.0 (using javascript), it
wont let them in. It also has the <noscript> tag so incase they do have
JavaScript turned off, it displays a message for them to know to turn it on,
otherwise they can't use our site.
But I tend to agree not to rely on it. However, its easy enough in
JavaScript to guarantee a field is not empty that is required. I believe the
stronger argument for using server-side validation in conjunction with
client-side is that in the transit to our server, its possible any number of
problems can occur that lose the data on the way. I have never seen this
happen, and I don't know if it is completely possible, but I assume that the
way internet packets are transmitted that it could happen.
>
>If your server application lets any corrupted data get stored in
>the database, it
>is *always* your server application's fault -- no excuses
>accepted. Therefore,
>"paranoid" checking of everything in the server is the self
>defense behavior I
>always choose.
Agreed for most cases. In ours, we force them to have MSIE4+ and NS4+ with
JavaScript and cookies enabled, otherwise they can't use our site. Period.
Thus far nobody has had any problems in the 5000 people signed up.
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets