This project is read-only.

Do Not Rely on Client-side Validation

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Do not rely on client-side validation because it can be easily bypassed. While you may have control over the source code for the clients that call your service, clients can be reverse engineered or built from scratch to attack your service. Use client-side validation to reduce round trips to the server and to improve the user experience, but always use validation in the service itself to perform security checks.

Last edited Jun 12, 2008 at 11:19 PM by prashantbansode, version 1


No comments yet.