World Wide Web

How server side validation using AJAX may be better than client side validation

Let's say you are filling up a form and suddenly you get a popup which says that certain characters are not allowed in a field. Or an alert, which says that the number of characters entered is more than some defined limit.

Now using some fundoo plugin, you just edit that Javascript and ensure that the invalid characters are accepted silently. What will happen in this case?

The fact is, this might create problems in the system and may be a playground for hackers.

There are several solutions to this. Code obfuscation is one of them. However, to be on the safer side, it is advisable to perform server side validation before the data is processed further.

If the server side validation is not done, hell may break loose. If the server side code takes care of validation, then there are no problems. But this would mean that we are replicating the validation function in two different places. So how about combining the two and just providing server side validation using AJAX? The client will see the validation happen prior to submit (may-be a bit slow), and at the same time no code is written in Javascript to perform the validation.

Although people criticize AJAX about attacks, I feel it is an elegant solution if used appropriately.