[whatwg] Client-side verification will never work in the real world

Jason Lustig jasonlustig at adelphia.net
Mon Jun 28 21:58:49 PDT 2004


Max Romantschuk wrote:

> At the end of section 2.1, right before section 2.1.1 reads the following:

I missed that, my mistake. Still, there are a lot of web developers that 
will forget about it...

> Your point is valid, but client-side checking is a valuable tool. 
[...]

I totally agree with you! I am dreaming right now of quicken-style 
dropdown calendar and calculator widgets in my webapps... and 
client-side verification is good for the average user, but it isn;t the 
end-all-be-all of security.

I guess I'm afraid that a lot of new coders will not do server-side 
checking, since it's taken care of so nicely by the UA, leading to a lot 
of insecure apps, similar to new php coders using things like 
register_globals because its easy, even if it's insecure. (full 
disclosure: I am a PHP coder) That's one of the main things people 
complain about with php, that it's so easy to lear that there is a LOT 
of insecure code out there.

Jason

PS: I'm new to the list too - hello! :)



More information about the whatwg mailing list