I was just using "java" as a nickname for "javascript"
Anyway thank you, it's what I suspected, at least now I'm sure!
Thanks
On Feb 3, 11:57 am, Jörn Zaefferer
wrote:
> First of all, it's JavaScript, not Java. Second, you always need
> serverside validation - anything on the clientside can be
First of all, it's JavaScript, not Java. Second, you always need
serverside validation - anything on the clientside can be disabled. An
attacker wouldn't even have to use a browser to submit the form.
In other words: Implement both. Serverside for security and data
integrity, clientside for a bet
2 matches
Mail list logo
