Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

How to ensure field validation is performed on client

blessed geek
1 decade ago Jan 27, 2010 12:27pm
Tudor Raneti
1 decade ago Jan 27, 2010 1:03pm
Henri Sara
1 decade ago Jan 27, 2010 1:10pm

I agree in that for security reasons if nothing else, one should not rely on client side validation.

However, if you do want to do some client side validation of text fields (in addition to any server verifications), you can take a look at CSValidation.

An immediate text field sends the value to the server when it loses the focus. A non-immediate text field sends its value when there is some immediate event on the UI, such as clicking on a button. If you do want keystroke by keystroke communication with the server, check the SuperImmediateTextField.

blessed geek
1 decade ago Jan 27, 2010 1:22pm
Kim Leppänen
1 decade ago Jan 28, 2010 5:45am
Sami Ekblad
1 decade ago Jan 28, 2010 6:48pm
blessed geek
1 decade ago Jan 29, 2010 8:48am
Marc Englund
1 decade ago Jan 29, 2010 2:04pm
David Wall
1 decade ago Jan 29, 2010 4:58pm
Marc Englund
1 decade ago Feb 01, 2010 1:21pm
blessed geek
1 decade ago Feb 03, 2010 12:50am
David Wall
1 decade ago Feb 03, 2010 1:35am

Good grief, you have some sensitive information with high value targets....seems like the web is not the place for such communications.

I have no idea what the rest of the world is using, but most US SSL uses 128-bit or 256-bit AES these days, and I've not heard of any exploits yet, though as you suggest, if there were a nasty party who did break it, they wouldn't tell us. SSL will use the same key during the entire session, but of course you'll get a new one the next time you visit the site.

But still, if your users' lives depend on you doing client-side validations to avoid additional network traffic that will enable the crack, it seems like they either need to stay on your site a very short period of time or they'd be toast just by using it for any length of time where regular network traffic would take place (outside of validation).

But it sure is amazing that you have to be that concerned about security whereas financial institutions and commerce sites seem unconcerned and just go ahead with SSL (turning off weak ciphers in most cases -- anything below 128-bit is typical to block). Seems like they'd just crack your server than try to defeat user's SSL sessions.

Good luck, and don't give me your URL since I don't want to visit a site under such cracking scrutiny :wink:

Kim Leppänen
1 decade ago Feb 03, 2010 6:11am
blessed geek
1 decade ago Feb 15, 2010 10:06am
Henri Sara
1 decade ago Feb 15, 2010 11:32am