为什么客户端验证还不够? [英] Why is client-side validation not enough?
问题描述
我在这里看到:
您可能已经知道,依赖仅在客户端验证是一个很糟糕的主意.始终执行适当的服务器端验证作为嗯.
As you probably already know, relying on client-side validation alone is a very bad idea. Always perform appropriate server-side validation as well.
您能解释一下为什么必须进行服务器端验证吗?
Could you explain why server-side validation is a must?
推荐答案
客户端验证 - 我假设您在这里谈论的是网页 - 依赖于 JavaScript.
Client-side validation - I assume you are talking about web pages here - relies on JavaScript.
JavaScript 驱动的验证可以在用户的浏览器中关闭,由于脚本错误而失败,或者不费吹灰之力就被恶意绕过.
JavaScript powered validation can be turned off in the user's browser, fail due to a scripting error, or be maliciously circumvented without much effort.
另外,整个表单提交过程都可以伪造.
Also, the whole process of form submission can be faked.
因此,永远无法保证到达服务器端的数据是干净安全的.
Therefore, there is never a guarantee that what arrives server side, is clean and safe data.
这篇关于为什么客户端验证还不够?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!