那么仅在客户端验证表单是否安全? [英] So is it safe to validate form on client-side only?

查看:60
本文介绍了那么仅在客户端验证表单是否安全?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当然,我知道服务器端验证是必须.

Of course, I know that server-side validation is a MUST.

我使用 jQuery 来验证表单输入并同时使用 jquery ajax 进行服务器端 (PHP) 验证.所以我想这可能是安全的,因为它正在对双方进行验证同时启用 javascript.

I'm using jQuery to validate form inputs and using jquery ajax to do server-side(PHP) validation at the same time. So I guess it may be safe since it's validating for both sides while javascript is enabled.

好吧,这是我的问题...

Well, here is my problem...

但是如果用户在他的浏览器上javascript 被禁用,并且如果一些坏人试图通过编辑我的客户端脚本来做一些坏事怎么办?

But what if the user has javascript disabled on his browser and if some bad guys try to do something bad from editing my client-side script?

因为我正在通过 jquery ajax 进行服务器端验证,并且我计划不直接在 php 脚本中验证它们(action="some.php"),即使启用了用户的 javascript.

Because i'm making server-side validation through jquery ajax, and i'm planning not to validate them directly in php script(action="some.php") even user's javascript is enabled.

那么……它仍然安全吗?

So... does it is still safe?

抱歉我的英语不好,希望你不要介意.

Sorry for my bad english, hope you don't mind.

推荐答案

不,它不安全.您应该始终在服务器端验证您的数据,表单提交之后.提交表单之前的客户端验证和 AJAX 验证只会通过提供对无效数据的更快反馈来增强用户体验.客户端验证和 AJAX 预提交验证都不能也不能保护您免受恶意制作的表单提交.攻击者和滥用者通常甚至不使用浏览器来向您的服务器提交数据.

No, it is not safe. You should always validate your data on the server side, after the form has been submitted. Client-side validation and AJAX validation before submitting the form are only enhancing the user experience, by providing quicker feedback on invalid data. Both client-side validation and AJAX pre-submit validation do not and can not protect you from a maliciously crafted form submission. Attackers and abusers usually don't even use a browser in order to submit data to your server.

这篇关于那么仅在客户端验证表单是否安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆