[whatwg] Client-side verification will never work in the real world
Jason Lustig
jasonlustig at adelphia.net
Mon Jun 28 21:58:49 PDT 2004
Max Romantschuk wrote:
> At the end of section 2.1, right before section 2.1.1 reads the following:
I missed that, my mistake. Still, there are a lot of web developers that
will forget about it...
> Your point is valid, but client-side checking is a valuable tool.
[...]
I totally agree with you! I am dreaming right now of Quicken-style
dropdown calendar and calculator widgets in my webapps... and
client-side verification is good for the average user, but it isn't the
end-all-be-all of security.
I guess I'm afraid that a lot of new coders will not do server-side
checking, since it's taken care of so nicely by the UA, leading to a lot
of insecure apps, similar to new PHP coders using things like
register_globals because it's easy, even if it's insecure. (full
disclosure: I am a PHP coder) That's one of the main things people
complain about with PHP, that it's so easy to learn that there is a LOT
of insecure code out there.
Jason
PS: I'm new to the list too - hello! :)