Log in   Register a New Account

Accessify Forum - Independent Accessibility Discussion Since 2003; Professional, Moderated, Web-based, Archived

New to the forum?

Only an email address is required.

Register Here

Already registered? Log In

Currently Online

No registered users are online.

RNIB Web access seminars

Reply with quote Oh hell!

I missed this when it came up - was going through an incredibly busy spell back then. But since this sits here for anyone to come and read, I'm going to address it now, even though it's 2 years old.

It was, I think, in one of the seminars that I ran, that I discussed this issue of client-side vs server-side validation.

I did NOT suggest passing stuff through to server-side processing purely on the basis of setting a flag client-side. Despite what some of you seem to think about RNIB's web access team, we're not that clueless!

What I suggested was, first, that form validation should ideally be carried out server-side. Then second, if one really wanted to use client-side validation, you needed to consider how to handle form submissions from people using a non-JavaScript browser or one where JavaScript has been switched off for whatever reason. The most often raised concern about using server-side validation is the additional load that might place on web servers on high volume sites.

So I then suggested the possibility of using a flag to indicate to the server-side script receiving the form submission that some client-side validation had already taken place. I thought I made it clear, though at this far remove from the actual event I'll accept the possibility that I didn't, that the idea was to bypass some of the server-side validation processes, and thus minimise the impact on server loading, but I'm sure I said "and pass the submission directly to the security processes in place on the server", or something similar.

I was not advocating simply passing stuff through to the innards of your server-side processes without ensuring that it doesn't contain anything malicious!!!!!

Would have been nice if JohnG had spoken up with his concern during the seminar itself so I could have addressed it then, or at least emailed us to let us know about this post at the time. Oh well...

Donna Smillie / Senior Web Accessibility Consultant, RNIB
Web Access Centre / WAC Blog

Display posts from previous:   

Page 2 of 2

Goto page Previous  1, 2

All times are GMT

  • Reply to topic