- From: Jason Lustig <jasonlustig@adelphia.net>
- Date: Tue, 29 Jun 2004 00:08:13 -0400
Hi y'all I just recently read through the Web Forms 2.0 spec draft. I must say, it looks awesome, very exciting from the POV of a web app developer (i.e. me), and it would definitely make writing web apps SO much easier with these extensions. However - I am a believer that client-side form vefification - while a nice trick that will take care of most users - never will work with real-world, open (i.e. anyone can access them) web apps, like BBSes/forums/blogs. The reason is this: if the only verification going on is on the client side, while it sure makes it easier for the developer, if a hacker simply used a user-agent that didn't verify data integrity (they wouldn't necessarily have to write a new one from scratch either - like, say, they could hack mozilla to take out the verification code), they could send in garbage and mess up the database. Oops! There goes all the data... --Jason
Received on Monday, 28 June 2004 21:08:13 UTC