Penetration Testing mailing list archives
Re: To validate or not to validate: Client side validation
From: ㅤ ㅤRockey <skg102 () gmail com>
Date: Tue, 27 Apr 2010 01:49:12 +0530
Hello, Client side validation enhances the user interactivity and gives the quick response to the end user about the input that has been filled by the user in the application. However as far as security is concerned then you can rely on server side validations as a malicious users (crackers) know this very well how to bypass client side validation but you can still protect your website from n00bs from trying something funny on your application by using client side validation but you have to make sure that server side validation is up to the mark as your server side validation is you wall of defense. Okay as far as you are only considered with security then you need not to emphasize on client side validation and you can move on, even if the client side validation is not there but i will recommend you to apply client side validation to enhance the end users experience with your application. Cheers, Rockey ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- To validate or not to validate: Client side validation pand0ra (Apr 20)
- RE: To validate or not to validate: Client side validation Paul Melson (Apr 22)
- Re: To validate or not to validate: Client side validation Alexander Klimov (Apr 22)
- Re: To validate or not to validate: Client side validation Todd Haverkos (Apr 22)
- Re: To validate or not to validate: Client side validation Joe Peters (Apr 26)
- Re: To validate or not to validate: Client side validation ㅤ ㅤRockey (Apr 27)
- Re: To validate or not to validate: Client side validation Patrick Cornelißen (Apr 26)
- <Possible follow-ups>
- Re: To validate or not to validate: Client side validation Robinson Delaugerre (Apr 22)
- Re: To validate or not to validate: Client side validation Dotzero (Apr 26)
- Re: To validate or not to validate: Client side validation Alexander Klimov (Apr 27)
- Re: To validate or not to validate: Client side validation Dotzero (Apr 27)
- Re: To validate or not to validate: Client side validation Patrick Cornelißen (Apr 29)
- Re: To validate or not to validate: Client side validation Joe Peters (Apr 29)
- Re: To validate or not to validate: Client side validation Dotzero (Apr 26)