
POST validation

I have read a few comments against doing validation using
JavaScript, and when I found a page that seems to do validation using
POST I wondered what would happen if I pasted a long sentence from the
same page in the login box. I got a message of: 'HTTP 500.100 Internal
Server Error'.

Is this a problem of validation with POST, or just of the setup of
their server?

Page where it happened:
<http://customer.dynix.com/users/logon.asp>

Thanks.
Geo

Oct 6 '05 #1
On 06/10/2005 15:45, "GEO" Me@home.here wrote:

> I have read a few comments against doing validation using
> JavaScript [...]

Care to identify those comments?

There is no problem with employing client-side validation (when done
well). The issue lies with relying on such a scheme. As client-side
scripting can be either disabled or circumvented, omitting server-side
checks could lead to security vulnerabilities, as well as errors thrown
in server-side code if you assume that all erroneous data will have been
rejected. There are also cases where client-side checking is infeasible.

> [...] I found a page that seems to do validation using POST

One doesn't perform input validation using POST. It's a HTTP transfer
method (along with GET, HEAD, PUT, etc.)

> I wondered what would happen if I pasted a long sentence from the
> same page in the login box. I got a message of: 'HTTP 500.100 Internal
> Server Error'.
>
> Is this a problem of validation with POST [...]

No, of course not. Every form you encounter on the Web should be
employing server-side checks, and most of those forms will be sending
their data to that server using the POST method.

[snip]

Mike

--
Michael Winter
Prefix subject with [News] before replying by e-mail.
Oct 6 '05 #2
On Thu, 06 Oct 2005 15:22:46 GMT, Michael Winter
<m.******@blueyonder.co.uk> wrote:

> On 06/10/2005 15:45, "GEO" Me@home.here wrote:
>> I have read a few comments against doing validation using
>> JavaScript [...]
>
> Care to identify those comments?
>
> There is no problem with employing client-side validation (when done
> well). The issue lies with relying on such a scheme.....<snip>

I guess a more careful wording would have said 'relying' -as you
did, but I am still trying to get used to this terminology.

> One doesn't perform input validation using POST. It's a HTTP transfer
> method (along with GET, HEAD, PUT, etc.)

<snip>

>> Is this a problem of validation with POST [...]
>
> No, of course not. Every form you encounter on the Web should be
> employing server-side checks, and most of those forms will be sending
> their data to that server using the POST method.

Thank you.

Geo

Oct 6 '05 #3
"GEO" Me@home.here wrote:

> I have read a few comments against doing validation using
> JavaScript, and when I found a page that seems to do validation using
> POST I wondered what would happen if I pasted a long sentence from the
> same page in the login box. I got a message of: 'HTTP 500.100 Internal
> Server Error'.
>
> Is this a problem of validation with POST, or just of the setup of
> their server?
>
> Page where it happened:
> <http://customer.dynix.com/users/logon.asp>
>
> Thanks.
> Geo

Geo,

I agree with everything Mike said. In addition:

The Internal Server Error indicates that the code at the server failed
to adequately check the input from the form. In this case, it allowed a
very long input (the sentence you copied) where only a short one (an ID
or password) was expected. The most likely result is that the long data
was stored into a short field and slopped over the top of adjacent data
that was important. Things went downhill from there.

Every time a programmer makes an assumption, a system dies somewhere.

Chris Beall

Oct 6 '05 #4
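
An added example, not part of the thread and not the code of the site mentioned in it: the kind of server-side check the replies above describe, written for Node.js, where an over-long login value is turned into a 4xx response before any other code touches it. The field names `userid` and `password`, the limits and the function name `validateLogin` are assumptions made for the illustration.

```javascript
// Added example: server-side checks for a login form sent with POST.
// Field names and limits are assumed, not taken from any real site.
const MAX_BODY = 2048;                 // cap on the whole request body, in bytes
const RULES = {
  userid:   { max: 32,  pattern: /^[A-Za-z0-9._-]+$/ },
  password: { max: 128, pattern: /^[^\u0000-\u001f]+$/ },   // no control characters
};

// Takes the raw application/x-www-form-urlencoded body and returns
// { status, errors, fields }. It never throws on malformed input, so a
// bad request becomes a 4xx answer instead of an unhandled 500.
function validateLogin(rawBody) {
  if (typeof rawBody !== 'string') {
    return { status: 400, errors: ['body missing'] };
  }
  if (Buffer.byteLength(rawBody, 'utf8') > MAX_BODY) {
    return { status: 413, errors: ['body too large'] };
  }
  const params = new URLSearchParams(rawBody);
  const errors = [];
  const fields = {};
  for (const [name, rule] of Object.entries(RULES)) {
    const values = params.getAll(name);
    if (values.length !== 1) {           // missing or repeated parameter
      errors.push(`${name}: expected exactly one value`);
      continue;
    }
    const v = values[0];
    if (v.length === 0) errors.push(`${name}: empty`);
    else if (v.length > rule.max) errors.push(`${name}: longer than ${rule.max}`);
    else if (!rule.pattern.test(v)) errors.push(`${name}: illegal characters`);
    else fields[name] = v;
  }
  return errors.length ? { status: 400, errors } : { status: 200, errors, fields };
}

// Constructed sample: a sentence pasted into the login box, as in the first post.
const pasted = 'I have read a few comments against doing validation using JavaScript';
console.log(validateLogin('userid=' + encodeURIComponent(pasted) + '&password=x'));
console.log(validateLogin('userid=geo&password=s3cret'));
```

These checks run on the server whether or not any script ran in the browser, which is the distinction the replies draw between employing client-side validation and relying on it.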
On Thu, 06 Oct 2005 18:18:10 GMT, Chris Beall
<Ch*********@prodigy.net> wrote:

> "GEO" Me@home.here wrote:
>> I have read a few comments against doing validation using
>> JavaScript, and when I found a page that seems to do validation using
>> POST I wondered what would happen if I pasted a long sentence from the
>> same page in the login box. I got a message of: 'HTTP 500.100 Internal
>> Server Error'.
>> Is this a problem of validation with POST, or just of the setup of
>> their server?
>> Page where it happened:
>> <http://customer.dynix.com/users/logon.asp>
>
> Geo,
> I agree with everything Mike said. In addition:
> The Internal Server Error indicates that the code at the server failed
> to adequately check the input from the form. In this case, it allowed a
> very long input (the sentence you copied) where only a short one (an ID
> or password) was expected. The most likely result is that the long data
> was stored into a short field and slopped over the top of adjacent data
> that was important. Things went downhill from there.
>
> Every time a programmer makes an assumption, a system dies somewhere.


Thank you.

Geo

Oct 7 '05 #5
