
Form Validation, double check always!!


Validation is one of the most important tasks when creating any form on a website. Almost every website you visit has at least one form. JavaScript is nowadays supported by all browsers, and many websites rely on it completely and do not work if JavaScript is not supported. As browsers evolved, they also started offering various developer-friendly tools; Google Chrome, for example, provides a console where you can execute JavaScript.
The important point is that when you have a form on your website, you should always have both client-side and server-side form validation.
Now many people ask: why do we require server-side validation?
1. Because even though JavaScript is supported by all browsers, people forget that browsers also provide developer-friendly tools with which we can change the entire JavaScript code. Let's say I just change the validation function to return true in all cases. Your application will throw an error in this case because you don't have server-side validation, and it might show some exception information containing internal application code!
2. In the other case, I fill in the form with all the required and valid values, then use a tool such as Burp to intercept the request being sent to the server and replace the valid values with malicious ones. Your application will fail then too, right?
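
What the server-side half of the check can look like, as an added example that is not from the original post: a framework-independent handler in JavaScript (Node.js) that re-validates every field no matter what the browser did, and answers failures with a generic message instead of exception details. The field names, the rules and the `save` callback are assumptions for illustration.

```javascript
// Added example. Field names and rules are assumptions, not from the post.
// Each rule receives the raw string exactly as it arrived in the request.
const RULES = {
  username: (v) => /^[A-Za-z0-9_]{3,20}$/.test(v),
  email: (v) => v.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
  age: (v) => /^\d{1,3}$/.test(v) && Number(v) >= 13 && Number(v) <= 120,
};

// Returns the names of the fields that failed. This runs on the server, so it
// does not matter whether the browser's validation function ran, was edited
// in the console, or the request was changed in a proxy after it passed.
function validateForm(body) {
  if (body === null || typeof body !== "object") return ["body"];
  const errors = [];
  for (const [field, isValid] of Object.entries(RULES)) {
    const value = body[field];
    if (typeof value !== "string" || !isValid(value)) errors.push(field);
  }
  // Reject parameters the form never had instead of silently passing them on.
  const hasUnknown = Object.keys(body).some(
    (k) => !Object.prototype.hasOwnProperty.call(RULES, k)
  );
  if (hasUnknown) errors.push("unexpected field");
  return errors;
}

// save is a hypothetical persistence callback supplied by the application.
function handleSubmit(body, save) {
  const errors = validateForm(body);
  if (errors.length > 0) {
    return { status: 400, body: { error: "invalid input", fields: errors } };
  }
  try {
    // Pass on only the validated fields, converted to their real types.
    save({ username: body.username, email: body.email, age: Number(body.age) });
    return { status: 200, body: { ok: true } };
  } catch (err) {
    // Details stay in the server log; the client never sees the exception.
    console.error("form submit failed:", err);
    return { status: 500, body: { error: "internal error" } };
  }
}
```
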

Why this post? Well, just yesterday I found a website where, on a form, with a simple JavaScript function change I got the entire data maintained by the website. Also, one of my friends told me his manager told him not to apply server-side validation as it's not stated in the requirement document!!

Comments

  1. Yeah, it's always good to have server-side validation as well. I'm wondering: if I edit some JS code using the console, it won't affect my validation. So is there any tool so that I can get exactly what you mentioned at point 1?

  2. If you press F12 in Google Chrome you will get a console where you can change JavaScript functions. Firebug is one of the well-known developer tools for Firefox. Internet Explorer also provides a console (press F12 there too).

  3. Yeah, it's okay, but it doesn't matter even if I edit the JS snippet. My JS function works perfectly.

  4. Well, using this console you can change the entire function itself, so that it will not validate the fields and will submit the form!!
    Try using the JavaScript console to change the function's behavior.

