[whatwg] Client-side verification will never work in the real world
jasonlustig at adelphia.net
Mon Jun 28 21:08:13 PDT 2004
I just recently read through the Web Forms 2.0 spec draft. I must say,
it looks awesome, very exciting from the POV of a web app developer
(i.e. me), and it would definitely make writing web apps SO much easier
with these extensions.
However - I am a believer that client-side form vefification - while a
nice trick that will take care of most users - never will work with
real-world, open (i.e. anyone can access them) web apps, like
The reason is this: if the only verification going on is on the client
side, while it sure makes it easier for the developer, if a hacker
simply used a user-agent that didn't verify data integrity (they
wouldn't necessarily have to write a new one from scratch either - like,
say, they could hack mozilla to take out the verification code), they
could send in garbage and mess up the database.
Oops! There goes all the data...
More information about the whatwg