Re: form submit

From: Bob Barrows [MVP] (reb01501_at_NOyahoo.SPAMcom)
Date: 08/19/04

• Next message: Dr John Stockton: "Re: Date To Text String"
• Previous message: Dave Anderson: "Re: alert - no alert"
• In reply to: Roland Hall: "Re: form submit"
• Next in thread: Roland Hall: "Re: form submit"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 19 Aug 2004 10:34:44 -0400

Roland Hall wrote:
>
> If you're not performing validation on the client, isn't is quite
> expensive to do that on the server

Server-side validation should be done whether or not client-side validation
is performed. If a hacker spoofs your data-entry page, bypassing all of your
client-side validation, you had better have made the effort to validate
submitted data on the server.

> and if you're doing it
> server-side, do you normally submit to the same page AND,

There is no requirement to do that.

> isn't there
> a lot more work at maintaining the state of what's been entered
> because you now have to set any existing values upon entry?

Again, it needs to be done. I get around this by using XMLHTTP to do all my
submits these days (no <FORM> tags),. so that the page is never reloaded and
state is not a problem. But I have the advantage of working on intranet
apps. This solution may not be viable in an internet app.

Bob Barrows

-- 
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

---

• Next message: Dr John Stockton: "Re: Date To Text String"
• Previous message: Dave Anderson: "Re: alert - no alert"
• In reply to: Roland Hall: "Re: form submit"
• Next in thread: Roland Hall: "Re: form submit"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: OpenQM doco in Wiki ... By validation I assume that you mean whether or not a field entry is ... Ka band satellite - The Server is here and there is latency. ... business rules being on the client. ... As for the wider internet ie those ... (comp.databases.pick) Re: eap-tls and peap-tls ... server is doing the internal validation. ... > "configure" option of the authentication method which is selected from ... > machine and user certificates (using peap-tls) does the IAS server ... (microsoft.public.internet.radius) Re: RequiredFieldValidator - on-the-fly changes ... I posted this answer to your question on another newsgroup. ... Creator of "Professional Validation And More" at ... > You can use client-side API to enable it at client but as you set ... > Enabled=false at the server, you'd need to set it back at the server as ... (microsoft.public.dotnet.framework.aspnet.webcontrols) Re: Validating dates with a CompareValidator ... The server dictates format. ... Remember that client-side validation is a bonus. ... (microsoft.public.dotnet.framework.aspnet) Re: Help on validation process? ... All of the .NET validators attempt to validate each control client-side in ... no client-side only validation is ... secure because the server should never trust what the client is sending it. ... (microsoft.public.dotnet.framework.aspnet)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)