Seconded. One of the best bits of advice I ever got is, "if you have a validation on the client, re-validate on the server".
The JSR validation makes it easy to be sure validation is consistent, but I've not tried it now that the validation is a library.
On Thursday, March 2, 2017 at 5:27:59 AM UTC-6, salk31 wrote:
Basically you can't trust the client or the client code... If that is what you mean? Unless all clients and network access are tied down by you (very rare) then you must not trust anything coming in... need to parse carefully, check permissions...
On Thursday, March 2, 2017 at 7:01:18 AM UTC, gitzzz wrote:
Hi! I use RequestBuilder for client-server communication. And I have some questions:
For example, we make an HTTP request to ".../get.php" (function(), select some data from DB and send it back). The response is an array[1,2,3,4,5].
On the client side, in onTheButtonClick, we can change the data, the new_array[1,3,6,8,9], and now we need to send these changes to the DB. And in onSaveButtonClick() we make an HTTP POST request to ".../set.php" with parameters = new_array.
The question is: is it safe? Is it possible that any authed user can make this call by creating a JS script with an HTTP POST request and send his own (fake) data (e.g. fake_array[10,20,30,23,12]) without clicking a button? How can I send changed data from the client side to a server safely?
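The advice in this thread (re-validate on the server, parse carefully, check permissions), applied to the `set.php` request from the question, as an added example that is not code from any poster. It assumes PHP 8.1+, a JSON request body, and made-up rules (exactly 5 integers in 1..9); `parse_new_array`, `handle_set`, the record id and the user names are hypothetical.

```php
<?php
declare(strict_types=1);
// Assumed rules (not from the thread): exactly 5 integers, each in 1..9.
const EXPECTED_LEN = 5;
const MIN_VALUE = 1;
const MAX_VALUE = 9;

/** Parse the raw POST body; throw on anything that is not a valid array. */
function parse_new_array(string $rawBody): array
{
    if (strlen($rawBody) > 1024) { throw new InvalidArgumentException('body too large'); }
    try {
        $data = json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        throw new InvalidArgumentException('malformed JSON');
    }
    if (!is_array($data) || !array_is_list($data) || count($data) !== EXPECTED_LEN) {
        throw new InvalidArgumentException('expected a list of ' . EXPECTED_LEN . ' items');
    }
    foreach ($data as $v) {
        // is_int rejects "3", 3.0, null and nested arrays.
        if (!is_int($v) || $v < MIN_VALUE || $v > MAX_VALUE) {
            throw new InvalidArgumentException('value out of range');
        }
    }
    return $data;
}

/** Decide from server-side state only: identity from the session, ownership from storage. */
function handle_set(array $session, int $recordId, string $rawBody, array $owners): array
{
    $user = $session['user_id'] ?? null;
    if ($user === null) { return [401, 'not logged in']; }
    if (($owners[$recordId] ?? null) !== $user) { return [403, 'not your record']; }
    try {
        $values = parse_new_array($rawBody);
    } catch (InvalidArgumentException $e) {
        return [400, $e->getMessage()];
    }
    // Store $values with a prepared statement here (schema not given on the page).
    return [200, $values];
}

// Constructed sample data: record 7 belongs to alice.
$owners = [7 => 'alice'];
$cases = [['alice', '[1,3,6,8,9]'], ['alice', '[10,20,30,23,12]'], ['bob', '[1,3,6,8,9]']];
foreach ($cases as [$user, $body]) {
    echo json_encode(handle_set(['user_id' => $user], 7, $body, $owners)), "\n";
}
```

The handler cannot tell a button click from a scripted request, so it decides only on what it can verify itself: the session identity, ownership of the record, and the shape and range of the submitted data.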