struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Hill <>
Subject Re: Which methodology is better?
Date Wed, 29 Dec 2004 09:01:07 GMT
Well one thing is mandatory:
You must ALWAYS validate on the server side - regardless of whether 
there is clientside validation as well or not.

This is because you cant trust what comes in over the wire. It _may_ 
come from that page you rendered out nicely with all the javascript, or 
it may be some other garbage submitted by a broken browser or even 
someone trying to spoof a request to hack around with your system. For 
this reason you must check the data validity on the serverside - at the 
least to stop any dodgy values that could harm your system.

That said , having done validation for 'safety' at the serverside to 
stop 'evil' values being submitted , you might choose to leave the 
'friendly' validation to the clientside script.

Do be aware that users can easily switch off javascript, and some 
browsers (especially on small systems like phones and pdas) often dont 
support it at all. (There are also cross-browser compatibiloty issues to 
be dealt with though most modern browsers arent so bad that way).

Choosing to rely on the client for the user-friendly part of validation 
is a choice you make after considering the needs of your particular 
application. For example in a homogenous intranet environment its 
probably ok to expect all your users have such and such a browser and 
will be using JS, while for an internet shopping portal your aim would 
be to reach the maximum audience so you would want to support those 
users who have JS switched off...

That said, one of the joys of struts is that you can have your cake and 
eat it - if you use struts validator it can (afaik) handle both client 
and server sides for you without you having to put in double effort for 
it. 2 for the price of 0 (its free after all). Cant beat that! :-)


Manisha Sathe wrote:

> I am very used to HTML/JavaScript. Normally i do all validations on clientside through
> i just started Struts framework and i understand that "DynaActionForm" is to have validation
on cliend side. (till now using ActionForm only).
> Normally what is the practice ? Which way is better ?
> regards
> Manisha
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message