Is Javascript Validation Enough To Keep My Forms Secure?
Solution 1:
Overall, use PHP. Javascript can be easily fooled and/or turned off entirely. At that point your server gets supplied with whatever Mr Malicious End User wants you to have, and you won't be stopping them.
Use PHP for validation, and if you want it to look fancy, put javascript on top. But ALWAYS server-side validate.
Solution 2:
As a general rule of thumb, anything relating to security or prevention of particular user behaviors, don't rely on javascript or CSS to stop something from happening on a page. Since scripts and css can be overridden or disabled in the browser, you'll have no protection against that behavior if they do so.
Server side is the correct place for implementing preventative security precautions.
Also, note that doing both is very nice for user experience, but server side is the only definitive place for preventing unwanted data making it through.
Solution 3:
Every client-side validation MUST be replicated server-side to ensure security. Your client side scripts can be easily replaced by a malicious user in order to bypass your validation completely and buttons can be re-enabled fairly easily with web debugging tools.
However, it is sometimes wanted for user convenience to also include client-side validation. In which case, you have to validate both server-side (PHP) and client-side (Javascript).
Solution 4:
PHP side validation is better .
Solution 5:
You must validate your data on the server and parse the answers of it with Javascript. Only use Javascript to add/remove HTML content and create better user interfaces.
Always take this into account: What happens if the user disables Javascript in his/her browser?
Post a Comment for "Is Javascript Validation Enough To Keep My Forms Secure?"