Reputation: 2641
I have a question about form validation in JS. I know that most of the inputs of an app must be validated on the server side, but if you also do it on the client side, you will be avoiding unnecessary requests to the server.
On the other hand, the logic of your data validation will be exposed in your client code (in my opinion there will be more chance to bypass the app security), and also, there will be code repetition (in the server and client) and a double check that all is correct, which is not the best for performance.
Is there any standard? Until now, I have been doing all this stuff in the backend, but I am a little curious about this.
I would really appreciate the suggestion (list of pros and cons, if necessary) of an experienced programmer.
Thank you.
Upvotes: 4
Views: 2003
Reputation: 108706
Cybercreeps can attack your server-side applications with maliciously crafted requests. They don't have to use your client side code to do this, instead they can hack together their own client side scripts. Therefore, your server code MUST do all validation necessary to protect your application against attack. It CANNOT rely on client side validation for security and integrity.
Your client side application can also validate its inputs. For example, it can warn the user if they put their given name into a date field, or make other similar mistakes. You do this as a courtesy to your user, to make your app easier to use.
Upvotes: 3
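The split the answer above describes, as an added example that is not code from the original thread: one rule set, run in the browser only to save the user a round trip, and run again on the server against the raw request body, where it is the real gate. The field names, rules, and sample request bodies are constructed for illustration; the server handler is a plain function standing in for a route handler, so it runs without a framework.

```javascript
// Added example (not from the original thread): one validation rule set,
// applied on the client as a courtesy and on the server as the real gate.
// Field names, rules and the sample request bodies below are constructed.

const RULES = {
  givenName: { required: true, maxLength: 50, pattern: /^[\p{L} .'-]+$/u },
  birthDate: { required: true, pattern: /^\d{4}-\d{2}-\d{2}$/ },
  age:       { required: true, type: 'integer', min: 0, max: 150 },
};

// Returns a map of fieldName -> error message; an empty object means valid.
function validate(fields) {
  const errors = {};
  for (const [name, rule] of Object.entries(RULES)) {
    const value = fields[name];
    if (value === undefined || value === null || value === '') {
      if (rule.required) errors[name] = 'required';
      continue;
    }
    if (rule.type === 'integer') {
      // A JSON string "34" is not an integer; the type check is part of the rule.
      if (!Number.isInteger(value) || value < rule.min || value > rule.max) {
        errors[name] = `must be an integer between ${rule.min} and ${rule.max}`;
      }
      continue;
    }
    if (typeof value !== 'string') { errors[name] = 'must be a string'; continue; }
    if (rule.maxLength && value.length > rule.maxLength) {
      errors[name] = `longer than ${rule.maxLength} characters`;
      continue;
    }
    if (rule.pattern && !rule.pattern.test(value)) errors[name] = 'invalid format';
  }
  // Reject fields the form does not define, so extra keys never reach storage.
  for (const name of Object.keys(fields)) {
    if (!(name in RULES)) errors[name] = 'unexpected field';
  }
  return errors;
}

// Client side: run on submit, show the errors, and skip the round trip when invalid.
function clientShouldSubmit(formValues) {
  const errors = validate(formValues);
  return { submit: Object.keys(errors).length === 0, errors };
}

// Server side: parse the raw body and validate again, regardless of what any client did.
function handleSubmit(rawBody) {
  let fields;
  try {
    fields = JSON.parse(rawBody);
  } catch {
    return { status: 400, body: { error: 'malformed JSON' } };
  }
  if (fields === null || typeof fields !== 'object' || Array.isArray(fields)) {
    return { status: 400, body: { error: 'expected a JSON object' } };
  }
  const errors = validate(fields);
  if (Object.keys(errors).length > 0) return { status: 422, body: { errors } };
  return { status: 201, body: { saved: fields } };
}

// Constructed usage: the browser check passes, the server accepts the same data,
// and a hand-built body that never went through the form is still rejected.
console.log(clientShouldSubmit({ givenName: 'Ana', birthDate: '1990-04-12', age: 34 }));
console.log(handleSubmit('{"givenName":"Ana","birthDate":"1990-04-12","age":34}'));
console.log(handleSubmit('{"givenName":"Ana","birthDate":"Ana","age":34,"isAdmin":true}'));
```

Keeping `validate` in a module shared by both bundles answers the duplication concern from the question without weakening the server: the client copy can be stripped, patched, or bypassed entirely, and `handleSubmit` still applies the same rules to whatever bytes arrive.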
Reputation: 453
Here you can find a list of most common vulnerabilities of information systems. If you don't validate on the FE side, there's a risk of XSS attacks. On the other hand, if you don't validate on the BE side, there's a risk of Injection, Sensitive Data Exposure, etc.
So, to summarize my point, I think that the best would be to validate on both sides.
P.S. this is just my personal opinion, and I am a junior developer.
Upvotes: 1
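The answer above links XSS to validation; validation limits what is accepted, and escaping at render time covers whatever was accepted. An added example, not code from the original thread, of the escaping step for a stored comment that legitimately contains `<`, `&` and quotes: the comment object and the template are constructed sample data.

```javascript
// Added example (not from the original thread): escape untrusted text before it is
// placed into HTML, so a stored value such as a comment cannot become markup.
// The comment object and the template below are constructed sample data.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace every character that carries meaning in HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the comment card with escaping applied to every interpolated value,
// including the one that lands inside a quoted attribute.
function renderComment(comment) {
  return `<article class="comment"><h4>${escapeHtml(comment.author)}</h4>` +
         `<p title="${escapeHtml(comment.author)}">${escapeHtml(comment.text)}</p></article>`;
}

// Constructed sample: passed a length check on the server, still contains markup characters.
const SAMPLE_COMMENT = { author: "O'Brien", text: 'Use <b>bold</b> & "quotes" here' };

console.log(renderComment(SAMPLE_COMMENT));
```

Escaping belongs at the point where the value meets HTML, not at input time: a name like `O'Brien` is valid input, and the apostrophe only needs handling when it is written into an attribute.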
Reputation: 41
I am not so experienced, but my opinion is that I would do validation on the client side mostly only if it affects the UI/UX. It can be something regarding the permissions, so the UI gets to disable some stuff, for example. The other aspect is the data type; this can be restricted on the client side, but this is not validation.
Upvotes: 2