Rick,
>Client-side validation is going to have to server-side validation, too,
>which means the server is going to have to handle all the validation
>that the client-side does. So there's just as much stress on the server.
No. The majority of client-side validation you'd use doesn't affect the
s
>I know you're approaching this from the perspective of handling
> those who don't use js... but I'm leaning toward assuming js,
> and letting the rest go.
In your particular application environment, I think that would be fine as
regards form validation. Security is another issue.
> I think it
want to return.
-Original Message-
From: Les Mizzell [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 3:41 PM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
> If you need an extra layer for this, your server-side layer is broken.
cfqueryparam isn't goi
validation or Server-side Validation?
Les,
>> There's tons of example code and libraries (such as qForms) that will
>allow
>> you to easily apply client-side validation rules to your code. It's not
>that
>> difficult to implement.
>
>But then, you'd have t
]
Sent: Monday, April 16, 2007 4:33 PM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
> > But what about the people that don't use HTML email
> > because they feel it has no added value
>
> Same as for people that does to Macdo for a gastronomic
om: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 4:33 PM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
> I've got solutions that use only client-side validation, but
> it seems that the discussion everyone's having always comes
> ba
east that's what I understand), people are going
to have to embrace js and other more risky technologies and learn to deal
with them securely or be left behind.
Rick
-Original Message-
From: Josh Nathanson [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 3:25 PM
To: CF-Talk
Sub
owser, but I just don't plan to put in the time and testing
on every version of every browser in use. It just seems a little
over-the-top.
Rick
-Original Message-
From: Damien McKenna [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 3:14 PM
To: CF-Talk
Subject: Re: Client-sid
> If you're doing both at once, you're not really doing client-side
> validation. Using AJAX for validation largely defeats the purpose of
> client-side validation - avoiding unnecessary trips to the server.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
truebut at least the
> You can setup your server-side to do both the ajax and the non-js
> submits. you create one validation method that gets called either way.
That's true only if you consider ajax validation to be client side. This is
not true client side validation, as it involves a call to the server. You
ar
>>You've got that backwards - it's HTML mail that's super-sized, full
of lard
and bad for you.
BTW, I don't know what kind of crippled mail reader you're using, but
its bad habit to strip the
References header from your replies make the thread particularly
difficult to follow.
--
___
:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 16:29
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
> For well-designed HTML messages that wouldn't be an issue.
> The colors, backgrounds, and images would always enhance the message,
> not detract from it.
> For well-designed HTML messages that wouldn't be an issue.
> The colors, backgrounds, and images would always enhance the
> message, not detract from it.
Have you heard of Sturgeon's Law?
http://en.wikipedia.org/wiki/Sturgeon's_law
Why would HTML mail be exempt?
> Why not just use word messa
]
Sent: Monday, April 16, 2007 15:09
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
Agreed, client side validation is only for client side user ease of use
and not for true validation of data being submitted to your data
definitions.
~Terry
: Client-side validation or Server-side Validation?
Les,
>> There's tons of example code and libraries (such as qForms) that will
>allow
>> you to easily apply client-side validation rules to your code. It's
>> not
>that
>> difficult to implement.
>
>B
validation or Server-side Validation?
> Why not just do both at once?
You can't do both at once. Client and server each need an independent
approach. The server must behave as if it is not at all dependent on
what the client sends it.
Thus you need to have CF code to handle validatio
Les Mizzell wrote:
>> If you need an extra layer for this, your server-side layer is broken.
>
> cfqueryparam isn't going to redirect the user back to the form and say
> "Hey idiot, your email address is REQUIRED".
>
> What am I missing?
cfqueryparam is also not going to validate that the data
Rick Faircloth wrote:
> For well-designed HTML messages that wouldn't be an issue.
> The colors, backgrounds, and images would always enhance
> the message, not detract from it.
But people don't design messages. They write a message on top of some
pre-existing layout template, whether that templa
Rick,
>I've got solutions that use only client-side validation, but it seems
>that the discussion everyone's having always comes back to needing
>server-side validation to backup client-side.
Which is true.
>Seems to me that it's a lot less work to just integrate the two.
Which is false. You're
Les,
>> There's tons of example code and libraries (such as qForms) that will
>allow
>> you to easily apply client-side validation rules to your code. It's not
>that
>> difficult to implement.
>
>But then, you'd have to require javascript - so that's another vote in
>that direction
No.
My p
> If you need an extra layer for this, your server-side layer is broken.
cfqueryparam isn't going to redirect the user back to the form and say
"Hey idiot, your email address is REQUIRED".
What am I missing?
~|
Upgrade to Adobe
issues they face.
Thanks for your feedback...
Rick
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 4:08 PM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
> I'm all for forcing users of sites I develop to
ailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 3:06 PM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
Rick Faircloth wrote:
> It's like people who refuse to use HTML email... I think it's time for
> these folks to come into the light and forget
> > But what about the people that don't use HTML email
> > because they feel it has no added value
>
> Same as for people that does to Macdo for a gastronomic
> event ;-)
You've got that backwards - it's HTML mail that's super-sized, full of lard
and bad for you.
Dave Watts, CTO, Fig Leaf Sof
> I've got solutions that use only client-side validation, but
> it seems that the discussion everyone's having always comes
> back to needing server-side validation to backup client-side.
>
> Seems to me that it's a lot less work to just integrate the two.
>
> I mean, if I'm going to have to v
>>But what about the people that don't use HTML email because they feel it
has no added value
... which makes a pretty good reason to show them how to enable JS.
They will be grateful.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/c
e.
So far, I've heard no complaints *ever* from users...
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 4:08 PM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
> > But what about, as already mentioned, somebod
> Why not just do both at once?
You can't do both at once. Client and server each need an independent
approach. The server must behave as if it is not at all dependent on what
the client sends it.
Thus you need to have CF code to handle validation on the server, and
javascript to handle vali
most effective approach, but certainly a very efficient one!
Rick
-Original Message-
From: Judah McAuley [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 2:49 PM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
Rick Faircloth wrote:
> It's like codi
>>But what about the people that don't use HTML email because they feel it
has no added value
Same as for people that does to Macdo for a gastronomic event ;-)
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(P
Les Mizzell wrote:
> I've had to add an "in between" layer to check for missing info when the
> client-side validation fails (due to no javascript) and kick them back
> to the form before it ever gets to the data-processing page. Since the
> forms are pretty darned big, that's a ton of extra cod
Re: Client-side validation or Server-side Validation?
On Apr 14, 2007, at 10:46 AM, Rick Faircloth wrote:
> But now that I've started down the client-side validation road, I hear
> from passersby, "No! You should always validate server-side or both!"
Not validating server-sid
age-
From: Dan G. Switzer, II [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 2:31 PM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
Rick,
>I'm leaning toward a combination of JS for user-friendliness with
>the validation coming from ColdFusion program
On Apr 16, 2007, at 1:51 PM, Rick Faircloth wrote:
> It's just too much work to cater to every minority group in the
> virtual
> universe.
In one sentence you sum up the main problem with web development
today: because people are unwilling to really look into how the
standards work and to le
:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 2:44 PM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
Rick you might be right in some audiences but I think you may be wrong
in many other audiences. Larger corporations, for instance, do much more
extensive security fil
> further more, how many among those 10% just didn't know
> they had JS disabled and will be so glad you told them that
> they will buy anything in your boutique? ;-)
Most non-technical users don't know or care what JavaScript is.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Rick Faircloth wrote:
> It's like people who refuse to use HTML email... I think it's time for
> these folks to come into the light and forget their paranoia about
> security, if that's what's keeping them from using these technologies.
But what about the people that don't use HTML email because t
> I'm all for forcing users of sites I develop to use Javascript.
>
> If it's not turned on just send them a message: "You must
> enable Javascript to use this form." If they choose not to, so
> be it.
If you can afford that luxury, good for you! That's simply not an option for
most people tr
> > But what about, as already mentioned, somebody browsing
> > with Javascript turn off
>
> In that case they get the message "Your browser should have
> Javascript turned on to proceed" and no form at all.
In that case, I take my business elsewhere.
Dave Watts, CTO, Fig Leaf Software
http://
> Larger corporations, for instance, do much more
> extensive security filtering. They can block javascript/activeX/etc at
> the firewall and they can also enforce browser settings at the desktop
> level. The end user may not have any participation in the security
> decisions nor even know that jav
Rick Faircloth wrote:
> It's like coding for users of the Opera browser. If they want to be able
> to have the best experience on my sites, then install IE.
>
> It's just too much work to cater to every minority group in the virtual
> universe.
And this is where I fundamentally disagree. Its re
On Apr 14, 2007, at 10:46 AM, Rick Faircloth wrote:
> But now that I've started down the client-side validation road, I hear
> from passersby, "No! You should always validate server-side or both!"
Not validating server-side is too much of a security risk. I always
consider server-side validati
Rick you might be right in some audiences but I think you may be wrong
in many other audiences. Larger corporations, for instance, do much more
extensive security filtering. They can block javascript/activeX/etc at
the firewall and they can also enforce browser settings at the desktop
level. Th
> There's tons of example code and libraries (such as qForms) that will allow
> you to easily apply client-side validation rules to your code. It's not that
> difficult to implement.
But then, you'd have to require javascript - so that's another vote in
that direction
~~~
Rick,
>I'm leaning toward a combination of JS for user-friendliness with
>the validation coming from ColdFusion programming.
>
>I get the best of both worlds that way.
It's not the best of both worlds. If you're doing all validation based on
AJAX operations, then you've introduced a huge layer of
> I'm leaning towards using a combination of JS on the interface
> and CF for data validation. That'll take care of security.
The application I'm thinking about is an insurance enrollment system.
Users have to already be registered to access the system - which is a
multi-page form. I'm using a c
curity problems.
-- Josh
- Original Message -
From: "Rick Faircloth" <[EMAIL PROTECTED]>
To: "CF-Talk"
Sent: Monday, April 16, 2007 10:35 AM
Subject: RE: Client-side validation or Server-side Validation?
> Josh,
>
> You refer to customers who don't have
o: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
That's all well and good, but it still doesn't prevent a black hat from
posting directly to your web server (They wouldn't even need to use a
browser) in an attempt to pass data that would have not been permissi
my sites, then install IE.
It's just too much work to cater to every minority group in the virtual
universe.
Rick
-Original Message-
From: Robert Rawlins - Think Blue
[mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 1:20 PM
To: CF-Talk
Subject: RE: Client-side validation or Se
>> does this figures suppose that 10% of visitors having Javascript
disabled IS a potential market?
further more, how many among those 10% just didn't know they had JS
disabled and will be so glad
you told them that they will buy anything in your boutique? ;-)
--
_
to use javascript?
Rick
-Original Message-
From: Josh Nathanson [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 1:09 PM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
> How bad would it be to make having javascript turned on *REQUIRED*
> before vi
>>validation like "That order number is not found in our database". How
would you do that in JavaScript without going to the server anyway?
Ajax man, Ajax! ;-)
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(
>>then why would you EVER take the risk of 10% of the potential market
not being
able to access your application?
does this figures suppose that 10% of visitors having Javascript
disabled IS a potential market?
I mean many of those 10% hits are simply eMail sniffers, spamers or
whatever,
data-type
validation like "That order number is not found in our database". How
would you do that in JavaScript without going to the server anyway?
~Brad
-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 11:58 AM
To: CF-Talk
Subject:
27;s a risk you shouldn't be taking.
Rob
-Original Message-----
From: Les Mizzell [mailto:[EMAIL PROTECTED]
Sent: 16 April 2007 17:47
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
> Looking at the latest published W3C statistics you would educate a guess
o
>>If it's not turned on just send them a message: "You must enable
Javascript to use this form." If they choose not to, so be it.
Bravo! We should start a union of developers about this ;-)
>>It's like people who refuse to use HTML email... I think it's time for
these folks to come into the l
>>but how 'user friendly" is this if done?
IMO the user friendliness you gain being able to use many JS tools that
can make a site look more efficient
largely compensates for the apparent roughness toward paranoid who
deactivate their Javascript.
--
___
REU
> How bad would it be to make having javascript turned on *REQUIRED*
> before visotors can view certain content (forms)?
This all depends your intended audience, and the purpose of your website.
I run a mission-critical eCommerce site, so we have to make sure our
javascript-challenged customers
r
these folks to come into the light and forget their paranoia about
security, if that's what's keeping them from using these technologies.
Thoughts?
Rick
-Original Message-
From: Les Mizzell [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 12:47 PM
To: CF-Talk
Subject: R
> Looking at the latest published W3C statistics you would educate a guess of
> about 10% of browsers not having JS enabled on them, that's a fairly hefty
> chunk.
How bad would it be to make having javascript turned on *REQUIRED*
before visotors can view certain content (forms)?
It's something
Thanks CoolJJ, An excellent resource (foundstone.com), there is a pdf file that
explains "hacme shipping" here:
http://www.foundstone.com/resources/whitepapers/hacmeshipping_userguide.pdf
Andrew.
> Rick,
> Never, never, ever trust data coming from the client side. It is very
> easy to bypass c
ll [mailto:[EMAIL PROTECTED]
Sent: 16 April 2007 16:50
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
> Not exactly. What I mean is that I will let standard error messages
> through, like
> "invalid datatype" for an invalid date from the database
>>But what about, as already mentioned, somebody browsing with
Javascript turn off
In that case they get the message "Your browser should have Javascript
turned on to proceed" and no form at all.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox
> Not exactly. What I mean is that I will let standard error messages
> through, like
> "invalid datatype" for an invalid date from the database driver, or
> "null values not allowed", etc...
> With client side validation, I will make some more user friendly phrase.
But what about, as already men
True... as long as your client-side validation is bullet-proof...
-Original Message-
From: Claude Schneegans [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 11:26 AM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
>>client-side "innocent&q
>>Also right, only hackers will get to the server with invalid data, so
>>why should I care about them?
Are you serious?
-Original Message-
From: Claude Schneegans [mailto:[EMAIL PROTECTED]
Sent: 16 April 2007 16:26
To: CF-Talk
Subject: Re: Client-side validation or
>>client-side "innocent" errors (e.g. typos) get user-friendly
messages.
Right.
>>Anything making it through client-side, but failing
server-side gets the raw error messages.
Also right, only hackers will get to the server with invalid data, so
why should I care about them?
--
AM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
>>So, if a user's input fails server-side validation, do you not
give an error message to the user?
Not exactly. What I mean is that I will let standard error messages
through, like
"invalid datatype&quo
>>So, if a user's input fails server-side validation, do you not
give an error message to the user?
Not exactly. What I mean is that I will let standard error messages
through, like
"invalid datatype" for an invalid date from the database driver, or
"null values not allowed", etc...
With client
ent.
Rick
-Original Message-
From: Dan G. Switzer, II [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 15, 2007 5:09 PM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
Rick,
>Does the JS and CF validation have to be totally independent
>in functionality? It woul
---Original Message-
From: Claude Schneegans [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 15, 2007 5:24 PM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
>>Does the JS and CF validation have to be totally independent in
functionality?
Basically yes ;-)
I m
>>You should only be doing AJAX validation when you can not do the
validation
on the client-side (such as validating against a database.)
Absolutely true.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Pleas
>>Does the JS and CF validation have to be totally independent in
functionality?
Basically yes ;-)
I mean:
1º Javascript is so useful for so many things, I simply won't let a user
fill a form if they have Javascript disable, period.
2º the main reason for validating data client side is for the
Rick,
>Does the JS and CF validation have to be totally independent
>in functionality? It would seem so, if I'm concerned about a user
>not being able to use forms.
>
>I've got a technique I'm working on that involves JS posting a form
>back to the page it's on, then cfincluding a page of CF to v
side validation that will provide security and
> functionality if JS is turned off?
>
> Rick
>
>
> -Original Message-
> From: Claude Schneegans [mailto:[EMAIL PROTECTED]
> Sent: Saturday, April 14, 2007 10:22 PM
> To: CF-Talk
> Subject: Re: Client-side validati
---
From: Claude Schneegans [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 14, 2007 10:22 PM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
>>I've used ajax validation successfully in one case: the user is
signing up
wit
>>I've used ajax validation successfully in one case: the user is
signing up
with a unique username,
Very good example indeed.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this addr
Thanks for the input, Dave...
Rick
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 14, 2007 9:50 PM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
> But, apart from the "some users don't have Javascript
> But, apart from the "some users don't have Javascript turned
> on" argument, why can't JS code be written that can validate
> as well as CF? ( I know I can't write the JS code right now,
> but that's beside the point...)
A bunch of people have already answered this, so I don't know if I'll a
ks like I'm close.
Thanks for your insight! And everyone else's, too!
Rick
-Original Message-
From: Claude Schneegans [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 14, 2007 6:25 PM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
>>and usi
Thanks for the tip, JJ!
Rick
-Original Message-
From: JJ Cool [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 14, 2007 8:01 PM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
>Ok
>
>So I've been getting into jQuery a lot lately. And bei
>Ok
>
>So I've been getting into jQuery a lot lately. And being able to
>do some of the user enhancements has been great.
>
>I've also begun, as one of those user enhancements, to use
>client-side validation. Not for login's, but for mortgage calculators,
>property search request forms, etc.
before finding out if they've entered a unique username or not.
-- Josh
- Original Message -
From: "Claude Schneegans" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Saturday, April 14, 2007 3:25 PM
Subject: Re: Client-side validation or
>>and using Ajax to send the form data over to a CF page for
validation, but I couldn't get everything to work correctly.
I'm not sure it's a good approach. Ajax has its price: the time needed
for a request on your server;
May be not as long as reloading the page, but not far.
The advantage of J
>>If anyone has any comments in this approach, I'm all ears.
I agree with you, but let me just add that server side validation does
not have to work exactly the same way.
What I mean is that client side validation is to be preferred and used
mostly for the user comfort,
when server side is esp
M
> To: CF-Talk
> Subject: RE: Client-side validation or Server-side Validation?
>
> Hi, Michael...
>
> Your perspective agrees with everything I've been reading.
>
> I was working on using jQuery to display error messages
> and using Ajax to send the form data ove
ginal Message-
From: Michael E. Carluen [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 14, 2007 3:00 PM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
Rick,
I agree with Dan and Zaphod's comments. I personally use both client and
server side validation, at a mi
: Saturday, April 14, 2007 3:00 PM
To: CF-Talk
Subject: RE: Client-side validation or Server-side Validation?
Rick,
I agree with Dan and Zaphod's comments. I personally use both client and
server side validation, at a minimum spec for my apps, even if I require
that javascript be turned on.
Thi
en if I require javascript be on, at minimum.
If anyone has any comments in this approach, I'm all ears.
Michael
> -Original Message-
> From: Dan G. Switzer, II [mailto:[EMAIL PROTECTED]
> Sent: Saturday, April 14, 2007 8:35 AM
> To: CF-Talk
> Subject: RE: Cl
Rick,
>Do you use JS (jQuery, in particular) to perform client-side
>validation and CF for server-side?
If I'm using ColdFusion, then yes--I use JS for client side and CF for the
server-side.
-Dan
~|
Macromedia ColdFusion MX7
Good points, Dan...
Do you use JS (jQuery, in particular) to perform client-side
validation and CF for server-side?
Rick
-Original Message-
From: Dan G. Switzer, II [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 14, 2007 11:35 AM
To: CF-Talk
Subject: RE: Client-side validation or
Rick,
>It's probably just my ignorance about the use of JS, but why
>can't JS be coded to insure clean code?
>
>I mean, if I set up validation to only allow digits on the client-side,
>how can they insert hack code that will affect my server?
>(I really know next to nothing about hacking servers a
d the code that
is used, so I really am just looking to be educated...)
Rick
-Original Message-
From: Zaphod Beeblebrox [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 14, 2007 11:13 AM
To: CF-Talk
Subject: Re: Client-side validation or Server-side Validation?
heck as long as you impli
heck as long as you implicity trust your users to give you clean data
and they'll never try to hack your server, well then yeah, I think
client side only is good. To me, this pertains to the apps that my
mom and I useeverything else uses server side or both.
:)
On 4/14/07, Rick Faircloth <[
101 - 194 of 194 matches
Mail list logo
