server side validation from a visual point

Question

If I have a intranet application and am doing both client & server side validation - should I be designing the server side validation (which is done mainly for security reasons) to have a similar look to the client side validation?

I suppose what I am asking is: does server side validation need to really return proper error messages at the field level? Or can it simply reject the page, as the user should be using javascript in a modern browser? (I am using Kendo for client side validation which will work in major browsers).

Is this a strategy sometimes performed, or is there reasons for having the server side validation be useful in a visual sense? If so, what's the reason for this, and does it change if the site is public facing?

Thanks!

Answer 1

I think there are definitely instances where you will want your server side validation to be as user friendly as your client side validation. Imagine a common scenario where your user has to input some login details. You can validate some of this client side - the email address is properly formatted, for example - but from a security point of view you would want to check that the login information is correct on the server, and if the password isn't right then you need to pass a friendly message back. Rejecting the whole page in this case would be OK but that doesn't tell the user where they went wrong.

What client side validation does is allow you to cut down on the amount of server side validation that you need to perform. Checking that certain types of input - mandatory fields or phone numbers - are correct is a lot quicker to do client side and this adds to the overall user experience. It's also becoming technically much quicker to add client side validation; it's pretty well embedded into HTML 5 and there are a number of great jQuery libraries. But friendly server - side validation will always have a place where security is a requirement.