Is it secure to validate the inputs by JavaScript only? [closed] - javascript

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
I am testing a simple registration form (username, password, email... etc), where input validation is done on the client side every time the user writes/deletes a character (not allowing some characters, checking length... etc).
I have recently seen something about doing the email validation on the server side, not only the client side, because it is insecure since JavaScript can easily be deactivated on the client side.
Is that really a threat when using JavaScript only for validating the inputs before sending them with a submit? Or am I worrying for nothing?

Attackers can send any HTTP request they want, without running any Javascript code.

Yes, it's a threat. Yes, you need to worry about it.
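
To illustrate the answers above, here is an added example (not code from the original posts) of the server re-checking a registration payload no matter what the browser-side script did. The field names, limits and sample request bodies are assumptions made for the illustration.

```javascript
// Added example: server-side re-validation of a registration payload.
// Field names and limits are assumptions, not taken from the original post.
const USERNAME_RE = /^[A-Za-z0-9_]{3,20}$/;
// Simple shape check only; deliverability is proven by a confirmation mail.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function validateRegistration(body) {
  const errors = {};
  // The body is whatever the client chose to send: it may be missing, and
  // fields may be arrays, objects or numbers instead of strings.
  const src = body !== null && typeof body === 'object' ? body : {};
  const str = (name) => (typeof src[name] === 'string' ? src[name] : null);

  const username = str('username');
  if (username === null) errors.username = 'must be a string';
  else if (!USERNAME_RE.test(username)) errors.username = '3-20 letters, digits or _';

  const email = str('email');
  if (email === null) errors.email = 'must be a string';
  // Length is checked before the regex so the regex only sees short input.
  else if (email.length > 254 || !EMAIL_RE.test(email)) errors.email = 'invalid format';

  const password = str('password');
  if (password === null) errors.password = 'must be a string';
  else if (password.length < 8 || password.length > 128) errors.password = '8-128 characters';

  const ok = Object.keys(errors).length === 0;
  // Return only the expected fields so unexpected extras are dropped.
  return ok ? { ok, value: { username, email, password } } : { ok, errors };
}

// Constructed request bodies, as a server would see them after JSON parsing.
const samples = {
  fromBrowserForm: { username: 'alice_01', email: 'alice@example.com', password: 'correct horse' },
  scriptDisabled: { username: 'a', email: 'not-an-email', password: '123' },
  wrongTypes: { username: ['alice'], email: { nested: 'object' }, password: 12345678 },
  extraField: { username: 'bob', email: 'bob@example.com', password: 'longenough', isAdmin: true },
};

for (const [name, body] of Object.entries(samples)) {
  console.log(name, JSON.stringify(validateRegistration(body)));
}
```

The client-side checks can stay as a convenience for the user; only the result of the server-side function decides whether the account is created.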

Related

How does a JavaScript login page work? [closed]

Closed 6 years ago.
How does JavaScript take the user ID and password? And where does it store that data? And how does it check the authentication the next time the user wants to log in?
It doesn't. JavaScript running in the browser cannot perform meaningful authentication. You'd need a server-side application that performs the authentication. At most, JavaScript could perform an AJAX request, sending the user ID and password to the server — but how exactly you'd do that would depend entirely on the application. You'd need to read the documentation for your system to find out how authentication is performed.
(It is conceivable that we're talking about a server-side application written in JavaScript à la node.js, but since the question is not tagged as such I'm assuming not.)

How can an offline HTML/JavaScript website be made secure? [closed]

Closed 7 years ago.
How can an offline website (zip, MHTML, SingleFile) be made secure? Are there techniques (obfuscating, encrypting) or anything within the specs of HTML or JavaScript (ECMAScript) that would allow for an offline website to be secure on its own?
By "secure" I mean that if a user has a local copy of the website, they may not still have access to the contents without a password. Imagine a level of security approximating that which is used in PDF documents.
You may use an offline js function (https://code.google.com/p/crypto-js/#Ciphers here are some algorithms that will do) to encrypt all the data, and ask for a password to decrypt it.
Note that you shouldn't store the correct password, but instead check if it is correct by decrypting with the password given by the user a known message (encrypt "hello world" with the correct password, and then check if the password given by the user works).
Yes; you can encrypt the data, then decrypt it in Javascript.
Note that any user with the encryption will always have full access to the data.

Best way to protect payment data from form to a payment service? [closed]

Closed 8 years ago.
I have a form which allows my websites' visitors to insert their credit card information. Once they click submit this information is passed to a paying service.
What are the potential dangers of this? I use client-side form validation for the input, do I need to perform server-side validation as well? What about sanitization?
The best way is to implement SSL certificates on your server. If you won't, then validate the information on the client side, pass it encrypted to the server side, validate it there, and save it encrypted in your database.

Best practice for handling validation [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
I have a UI with a set of fields where a field becomes mandatory based on the value inserted in another field. So I just wanted to know the best practice: does this validation need to be done on the server side as well as at the UI end, or is it enough if I do the validation at the UI end but not at the server end?
There should be checks on both the client side and the server side.
The client should not be able to submit an incomplete form.
And if another frontend is ever developed, in, let's say, a webpage, the developer might forget to enforce the checks. The back-end then needs to be able to handle and reject an invalid form.
The rule with validation is never trust input. Assuming that you are building a web application, you should at the very least validate when you first hit the server and report errors quickly. The reason being that users behave unexpectedly and client-side JavaScript is easily subverted. Client-side JavaScript should be viewed as a convenience for the user. If you expose your services on many fronts (thick client, web services, etc.) then you should also validate in your services.
I advise you to validate this at UI, when you are not using any framework. This will improve the responsiveness for your customer.
Validation on server side is also necessary if you need consistent data in your database.
Perhaps think of using a framework like Java Server Faces.
Frontend validation is easy to implement and the user gets a fast response to his actions. You will need this.
If you wanna persist or do some logic in the backend you should also validate it in the backend.
Java/JSF hibernate Example (backend):
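// Bean Validation constraints declared on the getter; they are checked on the server when the bean is validated
@NotBlank(message = "{contact.firstName.isEmpty}")
@Size(min = 1, max = 255, message = "{contact.firstName.invalid}")
public String getFirstName() {
    return firstName;
}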
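
As an added example (not code from any of the answers above), this is one way a back-end can enforce "field B becomes mandatory when field A has a certain value" for every front end that submits the form. The form fields (contactMethod, phone, email, country, state) and the 422 status are hypothetical choices for the illustration.

```javascript
// Added example: conditional "required" rules kept as data and enforced on the server.
// The form fields below are hypothetical.
const ALWAYS_REQUIRED = ['contactMethod', 'country'];
const RULES = [
  { field: 'phone', requiredWhen: (f) => f.contactMethod === 'phone' },
  { field: 'email', requiredWhen: (f) => f.contactMethod === 'email' },
  { field: 'state', requiredWhen: (f) => f.country === 'US' },
];

// A value counts as present only if it is a non-blank string.
const present = (v) => typeof v === 'string' && v.trim() !== '';

// Returns the names of all fields that are required for this submission but absent.
function missingFields(form) {
  const f = form !== null && typeof form === 'object' ? form : {};
  const missing = ALWAYS_REQUIRED.filter((name) => !present(f[name]));
  for (const rule of RULES) {
    // The condition is evaluated on the submitted values themselves, never on
    // a "this field is required" flag supplied by the client.
    if (rule.requiredWhen(f) && !present(f[rule.field])) missing.push(rule.field);
  }
  return missing;
}

// Server entry point: reject an incomplete form with the list of missing fields.
function handleSubmit(form) {
  const missing = missingFields(form);
  return missing.length ? { status: 422, missing } : { status: 200, missing: [] };
}

// Constructed submissions from different front ends.
const submissions = [
  { contactMethod: 'email', email: 'a@example.com', country: 'DE' }, // complete
  { contactMethod: 'phone', email: 'a@example.com', country: 'US' }, // phone and state missing
  { contactMethod: 'email', email: '   ', country: 'DE' },           // blank counts as missing
];
for (const s of submissions) console.log(JSON.stringify(handleSubmit(s)));
```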

What language should i use for dynamic client side and server side form validation? [closed]

Closed 9 years ago.
I am very confused about so many languages being available. I want to do dynamic form validation as well as validation after pressing the submit button, as I am learning.
JavaScript can do client-side dynamic validation with functions like onblur. For example, when I enter a wrong email format, it can throw me an error like "wrong email format", but if I enter the right email format, it has to check on the server side for the existence of the email, just like onblur did for client-side validation.
I am not sure what language to learn for this when I am considering the compatibility with browsers in the future as well.
I am thinking of learning Ajax, PHP, HTML, MySQL.
Please suggest what else would be required or better.
Easiest option for me, is to learn PHP for server-side validation.
If you want to add client-side validation (which is not a "MUST", but is a "PLUS"), you can use Javascript. Avoid using Ajax, jQuery or any kind of advanced libraries and functionalities until you get a basic understanding of what happens where.
