Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I have a simple reservation form with a JQ datepicker and I set the start date on the calendar based on JavaScript new Date().
Now without making things any more complicated and running some kind of Ajax request to grab the correct date from the server because obviously JS will return whatever time is set on the users device.
The app itself will validate the date on submit so the question is:
How many users has computers and devices running a wrong date/time?
Is it a good practice to disable the past days?
Should I rather allow the user to pick a whatever date and validate
with some kind of JS validation function or on form submit?
How many users has computers and devices running a wrong date/time?
Probably lots.
Is it a good practice to disable the past days?
There's nothing wrong with that at all
Should I rather allow the user to pick a whatever date and validate with some kind of JS validation function or on form submit?
This is the major point. You can use all the JS validation you want, but consider it only a courtesy to the user. All business critical validation should be done on the server - even if you validated the input on the client-side too. This is to ensure that data integrity is upheld even if a malicious user attempts to make requests to your server without using your front end website.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I have a concern about security of JavaScript. It seems that one can edit the JavaScript code in browser to alter form validations so that he can submit something bad. I know that back-end validation is also necessary and important, but is there a way to prevent such modification of JS code at the front-end? Because, otherwise it seems like the effort paid to implement front-end validation with JavaScript can be easily wasted.
Javascript form validation is not meant to be your application's form of security. It's purpose is for a cleaner user experience that gracefully notifies the user of errors/progress/requirements of the form itself.
NEVER rely on client-side code as a point of security in your applications because, by nature, you're giving that code to everyone.
Also, don't think of it as a waste of effort. The more polite your app is in notifying and guiding what the user must do to properly fill out your forms, the better.
True security for your application must happen on the server side (PHP, Ruby, Nodejs, etc.).
Javascript validation used to validate the fields in client side to make validation faster instead of sending the request to the server and waiting for the response, Your server side security should not depend on the security of the Javascript, you should validate all submitted data to the server in back-end .
you can compress javascript file to get the mini file to make it little bit harder not to prevent the attack.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
Nowadays it doesn't seem to matter whether you use forms or not for submitting data. Personally, I seem to end up just getting the values from the necessary inputs, manually, using JavaScript, upon the submission of a form (or just a button that is intended to trigger a function that grabs all the input data off the page).
Are there any major differences between using forms to submit data directly over just grabbing the needed elements off a page and using AJAX to send the data?
Edit: Would appreciate explanations if you're going to downvote. I haven't seen the question specifically asked before on StackOverflow plus standards change pretty quickly nowadays and most new developers might wonder what the point of using a form would be over just manually grabbing inputs.
Using forms is recommended due to the following:
Forms provide backwards compatibility to devices that don't look at CSS or use javascript.
With forms you can use tools like parsley.js to grab the wbole form, validate and send off as part of your AJAX without bothering validating every single field in your script.
Other developers expect to see a form because that's how HTML is meant to be, so by omitting one, you introduce unusual code, which in turn would mean wasted time by other developers when they take over your code.
So don't reinvent the wheel and use the forms :)
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I made a database that holds information about clinical trials and so far I have been accessing and writing to it using php. I was wondering if there was a way to read/write to a SQL Server database using javascript or jquery? The UI I am developing will be for adding clinical trial data to the database. Only the DB admins will have access to this UI so security should not be a "huge" problem.
You need a middle tier like php, rails, java... to do the database write. You can't do this from the browser with javascript. But there is Node.js, which allows you do write javascript on the server.
In short, no. Even if there was, you should never leave data validation to the client. Just because your DB Admins are trustworthy, doesn't mean those who break into your network will be. DROP TABLE ClinicalTrialData; would be a bad thing. Use PHP/backend of choice to do the donkeywork and use AJA[X|J] if you want a slick UI experience.
Only server side Javascript methods such as using NodeJS as your server. Never put your database credentials on the front end unless you want people to directly access your database.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I have a UI with some set of fields where a field becomes mandatory based on value inserted in other field. So just wanted to know the best practice whether this validation needs to be done at server side as well as UI end or its enough if I do the validation at UI end but not at server end
There should be checks on both the client side and the server side.
The client should not be able to submit an incomplete form.
And if another frontend is ever developped, in let's say a webpage, the developer might forget to enforce the checks. The back-end then needs to be able to handle and reject an invalid form.
The rule with validation is never trust input. Assuming that you are building a web application you should at the very least validate when you first hit the server and report errors quickly. The reason being that user's behave unexpectedly and client-side javascript is easily subverted. Client side javascript should be viewed as a convenience for the user. If you expose your services on many fronts (thick client, web services, etc.) then you should also validate in your services.
I advise you to validate this at UI, when you are not using any framework. This will improve the responsiveness for your customer.
Validation on server side is also necessary if you need consistent data in your database.
Perhaps, think of using a framework like Java Server Faces
Frontend validation is easy to implement and the user gets a fast response to his actions. You will need this.
If you wanna persist or do some logic in the backend you should also validate it in the backend.
Java/JSF hibernate Example (backend):
#NotBlank(message = "{contact.firstName.isEmpty}")
#Size(min = 1, max = 255, message = "{contact.firstName.invalid}")
public String getFirstName() {
return firstName;
}
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
What is the best script to use for showing the current visitors or guests Online?
Thanks!
As #Ryan Smith suggested, this greatly depends on the implementation details of the website. I'm sure that there is a off-the-shelf framework offering a storefront application with all the bells and whistles (such as the types of scripts you are mentioning); however, these can range anywhere from being free and open source, or very expensive.
Implementing a script like this yourself isn't very difficult. Assuming that you're keeping track of the users on the website in some form of data store (typically a backend database) you could do something like this:
When the page loads, fire a JavaScript that makes an Ajax request
Have the page that's the target of the Ajax request select a count of the number of rows in the table storing the active users. Return this result.
When the request completes, have the Ajax callback insert the number into the DOM in whatever place you'd like.
You can set this process to repeat at certain intervals so that the pages containing the script are dynamically updated showing a relatively up to date count of the number of users online.
I think it all depends on how your tracking who's online within your application.
Usually, when someone logs-in, you create a session for them that you could iterate through based on whatever language you are using.
You have to keep in mind that HTTP is a stateless environment, so determining when someone is online is largely subjective as to your opinion as to how long ago they logged in.