Is client-side JavaScript / jQuery form validation useless? [duplicate]

Time: 2022-12-09 13:41:41

Possible Duplicate:
JavaScript: client-side vs. server-side validation

There are a lot of JavaScript/jQuery client-side form validation scripts out there. But considering that it's client side, it's fairly easy to bypass the validation and submit a form with values that ignore the validation rules. The only solution is to also implement server-side validation as well in order to protect yourself.

Client-side jQuery validation is fun and it looks slick, but if you already have to implement server-side validation then what's the point of the client-side validation? It seems unnecessarily redundant and a waste of development time. Is it useless?

Also, are there any good ways to implement client-side validation that don't require server-side validation?

5 solutions

#1


6  

Client Side validation can always be bypassed. There's no way around this. Backend validation should always be used when dealing with sensitive information, writing to/reading from a db, or really anything that could be hacked.

Client side validation is just there because it's faster. Much rather know instantly that my email address wasn't formatted correctly than after I've submitted the form, the server checked it out, and sent something back.

#2


3  

One word: usability. You shouldn't only write your web apps in defense against hackers. There are lots more regular users out there who just want easy-to-use, intuitive software.

#3


2  

It provides better user experience. That's the point. Instead of submitting the form every time and waiting for the server response, the user can see the results of validation immediately after changing form values.

#4


0  

You always need server-side validation. Never trust any data coming from the client. Client-side validation is done for a better user experience. User experience is very important if you want people to use your site.

#5


0  

The idea behind client-side validation is that the system is "fail-fast". If an honest user makes a mistake, she is told at once, which is good for the user (less waiting) and for the server (lighter traffic load).

Server-side validation is always necessary for security to exist; any system of client-side validation that is secure must assume that the user is somehow not in control of his own machine.

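The split the answers describe, as an added example that is not part of the original thread: one rule table gives the browser its instant feedback, while the server re-checks the raw request body it actually receives. The field names (`email`, `age`), their rules, and the functions `validate` and `handleSubmit` are assumptions made for illustration.

```javascript
// Added example. Field names, rules and function names are assumptions.
// The same rule table can run in the browser for instant feedback,
// but only the server-side call below decides what is accepted.
const rules = {
  email: (v) =>
    typeof v === "string" && v.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v)
      ? null : "invalid email address",
  age: (v) =>
    typeof v === "string" && /^\d{1,3}$/.test(v) && Number(v) >= 18 && Number(v) <= 120
      ? null : "age must be a whole number from 18 to 120",
};

// Checks every known field; fields without a rule are never copied to `clean`.
function validate(fields) {
  const errors = {};
  const clean = {};
  for (const [name, check] of Object.entries(rules)) {
    const error = check(fields[name]);
    if (error) errors[name] = error;
    else clean[name] = fields[name];
  }
  return { ok: Object.keys(errors).length === 0, errors, clean };
}

// Server side: parses the raw urlencoded body exactly as received. It makes no
// assumption that the browser script ran, because the sender controls the request.
function handleSubmit(rawBody) {
  const params = new URLSearchParams(rawBody);
  const fields = {};
  for (const name of Object.keys(rules)) {
    const values = params.getAll(name);
    // A repeated parameter is treated as missing instead of picking one value.
    fields[name] = values.length === 1 ? values[0] : undefined;
  }
  const result = validate(fields);
  return result.ok
    ? { status: 200, body: result.clean }
    : { status: 422, body: result.errors };
}

// Constructed request bodies: one honest, three that skipped the client checks.
const samples = [
  "email=alice%40example.com&age=30",
  "email=not-an-email&age=-5",
  "email=alice%40example.com&age=30&age=999",
  "email=alice%40example.com&age=30&role=admin",
];
for (const body of samples) console.log(body, "->", JSON.stringify(handleSubmit(body)));
```

In the browser, `validate` would be called from the form's submit handler to show errors before the request is sent; the server's decision does not depend on that call having happened.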
