
Form Validation, double check always!!


Validation is one of the most important tasks when creating any form on a website. Almost every website you visit has at least one form. JavaScript is nowadays supported by all browsers, and many websites rely on it completely and do not work without it. As browsers evolved, they also started shipping developer-friendly tools; Google Chrome, for example, provides a console where you can execute JavaScript.
The important point is that when you have a form on your website, you should always have both client-side and server-side validation.
Many people ask: why do we need server-side validation??
1. Even though JavaScript is supported by all browsers, people forget that browsers also provide developer tools with which we can change the entire JavaScript code. Let's say I just change the validation function to return true in all cases. Your application will throw an error in this case because you don't have server-side validation, and it might show exception information along with some internal application code!!
2. In another case, I fill in the form with all the required and valid values and use a tool such as Burp to intercept the request being sent to the server and replace the valid values with malicious values. Your application will fail then too, right?
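A server-side check covering both cases above, as an added example that is not part of the original post: the handler re-validates every field no matter what the browser's JavaScript did, and returns only generic error messages. The field names, the rules and the `save` callback are assumptions for illustration.

```javascript
// Server-side validation that never trusts the browser (added example).
// Field names and rules below are assumptions, not taken from a real site.
const RULES = {
  username: { pattern: /^[A-Za-z0-9_]{3,20}$/ },
  email: { pattern: /^[^\s@]{1,64}@[^\s@]{1,255}$/ },
  age: { pattern: /^\d{1,3}$/, check: v => Number(v) >= 13 && Number(v) <= 120 },
};

// Validate a parsed request body. Returns { ok, errors, clean }.
function validateForm(body) {
  const errors = {};
  const clean = {};
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: { _form: 'malformed request' }, clean };
  }
  for (const key of Object.keys(body)) {
    // Reject fields the form never had (added in a proxy or the console).
    if (!Object.prototype.hasOwnProperty.call(RULES, key)) errors[key] = 'unexpected field';
  }
  for (const [name, rule] of Object.entries(RULES)) {
    const value = body[name];
    // A tampered request can send arrays, objects, numbers or nothing at all.
    if (typeof value !== 'string') { errors[name] = 'missing or wrong type'; continue; }
    if (!rule.pattern.test(value) || (rule.check && !rule.check(value))) {
      errors[name] = 'invalid'; continue;
    }
    clean[name] = value; // only allowlisted, validated fields go further
  }
  return { ok: Object.keys(errors).length === 0, errors, clean };
}

// Request handler: the client gets generic messages, never exception text.
function handleSubmit(rawJson, save) {
  let body;
  try { body = JSON.parse(rawJson); }
  catch { return { status: 400, body: { error: 'malformed request' } }; }
  const result = validateForm(body);
  if (!result.ok) return { status: 400, body: { errors: result.errors } };
  try {
    save(result.clean);
    return { status: 200, body: { ok: true } };
  } catch (err) {
    console.error('save failed:', err); // details stay in the server log
    return { status: 500, body: { error: 'internal error' } };
  }
}
```

The same rules can also be run in the browser for user convenience, but only the server-side result decides whether the data is accepted.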

Why this post? Well, just yesterday I found a website where, on a form, with a simple JavaScript function change I got the entire data maintained by the website. Also, one of my friends told me his manager told him not to apply server-side validation as it's not stated in the requirement document!!

Comments

  1. Yeah, it's always good to have server-side validation as well. Wondering, if I edit some JS code using the console, it won't affect my validation. So is there any tool with which I can get what you exactly mentioned at point 1?

  2. If you press F12 in Google Chrome you will get a console where you can change JavaScript functions. Firebug is one of the well-known developer tools for Firefox. Internet Explorer also provides you a console (press F12 there also).

  3. Yeah, it's okay, but it makes no difference even if I edit the JS snippet. My JS function works perfectly.

  4. Well, using this console you can change the entire function itself, so that it will not validate the fields and will submit the form!!
    Try using the JavaScript console to change the function's behavior.
