alex

Reputation: 414

Form validation on the server

This example shows how to validate the entered data on the form: Validating Form Input

And is it correct to do validation on the server? I thought the validation should be done by the frontend.

Upvotes: 1

Views: 85

Answers (1)

rpnewb

Reputation: 51

Those are not mutually exclusive.

The following things are general lessons and don't just apply to Java but to all programming in general:

The server side is way more important. Never trust user input. Never. The only reason to validate in the form/frontend/client is to make it easier for the user to send you proper input.

Update: Don't confuse "don't trust user input" with "don't trust anyone". Trusting user input is effectively putting out a wildcard check out there signed in your name.

While including code you found is just trusting exactly the code you included. Or to go with the money metaphor again: a fixed amount. Of course you should, in my opinion, do at least some background check. But most shady individuals bank on impulse. So they don't put much work into a clever disguise or even building reputation. So usually you can trust established libs to some degree.

You still always need to verify the data on the server side. Because the client could be manipulated. And that does not even require the malicious intent of the user. Or even the user's knowledge at all. See man-in-the-middle attacks, for example. A third party might manipulate the data on the way to the server.

Upvotes: 2
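An added example, not part of the answer above or of the linked guide: a dependency-free Java server-side check that treats every submitted field as untrusted text, whatever the browser form was supposed to enforce. The field names `name` and `age`, their limits and the sample requests are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class ServerSideValidation {

    // Constructed rules for a hypothetical form:
    // name is 2 to 30 characters, age is a whole number of at least 18.
    static List<String> validate(Map<String, String> params) {
        List<String> errors = new ArrayList<>();

        // A field can be missing entirely if the request did not come from the form.
        String name = params.get("name");
        String trimmedName = name == null ? "" : name.trim();
        if (trimmedName.length() < 2 || trimmedName.length() > 30) {
            errors.add("name: must be 2 to 30 characters");
        }

        String rawAge = params.get("age");
        try {
            // Everything arrives as text; parse it strictly instead of assuming a number.
            int age = Integer.parseInt(rawAge == null ? "" : rawAge.trim());
            if (age < 18) {
                errors.add("age: must be at least 18");
            }
        } catch (NumberFormatException e) {
            errors.add("age: must be a whole number");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed requests. Only the first is one a validating browser form would send;
        // the server has to give a correct answer for all of them.
        List<Map<String, String>> requests = List.of(
            Map.of("name", "Alice", "age", "30"),
            Map.of("name", "A", "age", "12"),
            Map.of("name", "Bob", "age", "thirty"),
            Map.of("name", "Carol"));
        for (Map<String, String> request : requests) {
            List<String> errors = validate(request);
            System.out.println(request + " -> "
                + (errors.isEmpty() ? "accepted" : "rejected " + errors));
        }
    }
}
```

The same rules can be mirrored in the frontend for user convenience, but the server's decision is the one that counts.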
