- From: Jason Lustig <jasonlustig@adelphia.net>
- Date: Tue, 29 Jun 2004 00:58:49 -0400
Max Romantschuk wrote: > At the end of section 2.1, right before section 2.1.1 reads the following: I missed that, my mistake. Still, there are a lot of web developers that will forget about it... > Your point is valid, but client-side checking is a valuable tool. [...] I totally agree with you! I am dreaming right now of quicken-style dropdown calendar and calculator widgets in my webapps... and client-side verification is good for the average user, but it isn;t the end-all-be-all of security. I guess I'm afraid that a lot of new coders will not do server-side checking, since it's taken care of so nicely by the UA, leading to a lot of insecure apps, similar to new php coders using things like register_globals because its easy, even if it's insecure. (full disclosure: I am a PHP coder) That's one of the main things people complain about with php, that it's so easy to lear that there is a LOT of insecure code out there. Jason PS: I'm new to the list too - hello! :)
Received on Monday, 28 June 2004 21:58:49 UTC