D For A Web Developer
via Digitalmars-d
digitalmars-d at puremagic.com
Wed Apr 30 10:40:57 PDT 2014
On Wednesday, 30 April 2014 at 17:23:39 UTC, Byron wrote:
> Client side validation should only be used for giving users
> immediate fed
> back and saving cycles. You do know I can look at your js, find
> all of
> your ajax calls and send what ever data I want right..
If the security model depends on code being hidden then there is
something very wrong with it.
The database should do all the veracity checks and apply all the
consistency constraints. The server should merely prepare the
data. If any constraints triggers the transaction is rolled back.
This becomes even more important when you have multiple servers
and versions of the server software maintained by various
divisions writing to the same database.
More information about the Digitalmars-d
mailing list