[Catalyst] RFC: HTML::Widget / Ajax / Catalyst

Nilson Santos Figueiredo Junior acid06 at gmail.com
Thu May 4 23:40:49 CEST 2006


On 5/4/06, Brandon Black <blblack at gmail.com> wrote:
> Even with client-side validation, in most cases you still want
> server-side validation too, especially if the validation has security
> implications (as anyone can modify/bypass your client-side JS and send
> direct responses to the server themselves).

I didn't consider scraping server-side validation at the final "post"
for a second Client-side validation is just a means of improving user
experience not actual security. The thing is that some constraints
would need server-side pre-validation (i.e. callback based
constraints).

-Nilson Santos F. Jr.



More information about the Catalyst mailing list