struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Baity <tonyba...@yahoo.com>
Subject Re: Role Based Struts Validation
Date Thu, 30 Jan 2003 02:09:06 GMT

Peter,
I have also been involved with a cutomer that wants client side field validation and even
page sections that magically appear when certain radio buttons and check boxes are clicked.
These are people that have been using an Oracle forms based solution for many years and have
become attached to the way the that those kind of screen behave. As a result, the last web
based system that i helped them with involved a whole bunch of pop-up windows to try to emulate
what they are used to seeing. 
A long time ago, an ex-project leader of mine once told me that the first task of any software
development project has to reduce customer expectations. But this is easier said than done.
I have even tried the approach of painting a negative view of javascript... but  many end
user only really care about how good it looks on the screen and not how well it is engineered
under the skin.
About the only way I have seen to sell good engineering practices is to talk about the $$
saved on maintenance costs.
 "Peter A. Pilgrim" <peterp@xenonsoft.demon.co.uk> wrote:David Graham wrote:
>> In fact my client has made a major decision, to do a lot of validation
>> using JavaScript using a massive library with minimum server-side
>> validation if they can help it.
> 
> 
> Does your client realize the security problems associated with that 
> decision? It's trivial to write a program that posts data to a web 
> application; without server side checks a hacker could craft a malicious 
> piece of data.
> 

What I meant by minimum validation is "simple validation" without
hard and fast interfield and security credential dependency rules.

In any case I going to have check that a String can covert to Date,
or Integer. It will be just going to back in time 9 months ago to
Struts 1.02 and Action Form and custom validation utility classes
which I wrote.

I have been unable to prove the concept that Struts Validator
can do what they want. And they want complex role based
validation for form fields.

--
Peter Pilgrim
__ _____ _____ _____
/ //__ // ___// ___/ + Serverside Java
/ /___/ // /__ / /__ + Struts
/ // ___// ___// ___/ + Expresso Committer
__/ // /__ / /__ / /__ + Independent Contractor
/___//____//____//____/ + Intrinsic Motivation
On Line Resume
||
\\===> `` http://www.xenonsoft.demon.co.uk/no-it-striker.html ''


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org



---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message