i really love the jquery validation plugins, look neat stylish and accessible, but as you know JavaScript can be turned off and boom your user can enter what ever he wants, therefore you should validate on server too, so what is the best approach here ?
我真的很喜欢jquery验证插件,看起来整洁时尚且易于访问,但是你知道JavaScript可以关闭并且繁荣你的用户可以输入他想要的东西,因此你也应该在服务器上验证,那么这里最好的方法是什么?
do double validation one with jquery and one on server side or is there a better solid secure way ?
用jquery进行双重验证,在服务器端进行一次验证,还是有更好的可靠安全方式?
4 个解决方案
#1
The only way to go is to validate with jQuery and then do the same validation again on the server side.
唯一的方法是使用jQuery进行验证,然后在服务器端再次执行相同的验证。
Client side validation is only for making your application more user friendly. So validate the fields that will save the user some round-trips to the server and that will contribute to a better user experience.
客户端验证仅用于使您的应用程序更加用户友好。因此,验证将为用户节省一些往返服务器的字段,这将有助于提供更好的用户体验。
Always validate on the server side. This protects you from attacks to your application. It also helps from feeding erroneous input to your code.
始终在服务器端验证。这可以保护您免受对应用程序的攻击。它还有助于将错误的输入提供给您的代码。
#2
Well double validation is probably the only way to go - if the user disables javascript, then no validation will be executed on the client side, therefore you MUST have server side validation. On the other hand - for the convenience of most users - there should be a client side validation mechanism so that round-trips to the server are minimized.
双重验证可能是唯一的方法 - 如果用户禁用javascript,那么将不会在客户端执行验证,因此您必须具有服务器端验证。另一方面 - 为了方便大多数用户 - 应该有一个客户端验证机制,以便最小化到服务器的往返。
#3
That's why I still use the Asp.Net validation. Because, with a minimal effort your data will be validated on the client and server.
这就是我仍然使用Asp.Net验证的原因。因为,只需很少的工作量,您的数据就可以在客户端和服务器上进行验证。
#4
You should always validate your data server side, jQuery or not, never trust incoming data.
您应始终验证您的数据服务器端,jQuery与否,永远不要信任传入的数据。
#1
The only way to go is to validate with jQuery and then do the same validation again on the server side.
唯一的方法是使用jQuery进行验证,然后在服务器端再次执行相同的验证。
Client side validation is only for making your application more user friendly. So validate the fields that will save the user some round-trips to the server and that will contribute to a better user experience.
客户端验证仅用于使您的应用程序更加用户友好。因此,验证将为用户节省一些往返服务器的字段,这将有助于提供更好的用户体验。
Always validate on the server side. This protects you from attacks to your application. It also helps from feeding erroneous input to your code.
始终在服务器端验证。这可以保护您免受对应用程序的攻击。它还有助于将错误的输入提供给您的代码。
#2
Well double validation is probably the only way to go - if the user disables javascript, then no validation will be executed on the client side, therefore you MUST have server side validation. On the other hand - for the convenience of most users - there should be a client side validation mechanism so that round-trips to the server are minimized.
双重验证可能是唯一的方法 - 如果用户禁用javascript,那么将不会在客户端执行验证,因此您必须具有服务器端验证。另一方面 - 为了方便大多数用户 - 应该有一个客户端验证机制,以便最小化到服务器的往返。
#3
That's why I still use the Asp.Net validation. Because, with a minimal effort your data will be validated on the client and server.
这就是我仍然使用Asp.Net验证的原因。因为,只需很少的工作量,您的数据就可以在客户端和服务器上进行验证。
#4
You should always validate your data server side, jQuery or not, never trust incoming data.
您应始终验证您的数据服务器端,jQuery与否,永远不要信任传入的数据。