[whatwg] Client-side verification will never work in the real world
Jason Lustig
jasonlustig at adelphia.net
Mon Jun 28 21:08:13 PDT 2004
Hi y'all
I just recently read through the Web Forms 2.0 spec draft. I must say,
it looks awesome, very exciting from the POV of a web app developer
(i.e. me), and it would definitely make writing web apps SO much easier
with these extensions.
However - I am a believer that client-side form vefification - while a
nice trick that will take care of most users - never will work with
real-world, open (i.e. anyone can access them) web apps, like
BBSes/forums/blogs.
The reason is this: if the only verification going on is on the client
side, while it sure makes it easier for the developer, if a hacker
simply used a user-agent that didn't verify data integrity (they
wouldn't necessarily have to write a new one from scratch either - like,
say, they could hack mozilla to take out the verification code), they
could send in garbage and mess up the database.
Oops! There goes all the data...
--Jason
More information about the whatwg
mailing list