为什么客户端验证还不够? [英] Why is client-side validation not enough?

问题描述

我在这里看到:

您可能已经知道，依赖仅在客户端验证是一个很糟糕的主意.始终执行适当的服务器端验证作为嗯.

As you probably already know, relying on client-side validation alone is a very bad idea. Always perform appropriate server-side validation as well.

您能解释一下为什么必须进行服务器端验证吗?

Could you explain why server-side validation is a must?

推荐答案

客户端验证 - 我假设您在这里谈论的是网页 - 依赖于 JavaScript.

Client-side validation - I assume you are talking about web pages here - relies on JavaScript.

JavaScript 驱动的验证可以在用户的​​浏览器中关闭，由于脚本错误而失败，或者不费吹灰之力就被恶意绕过.

JavaScript powered validation can be turned off in the user's browser, fail due to a scripting error, or be maliciously circumvented without much effort.

另外，整个表单提交过程都可以伪造.

Also, the whole process of form submission can be faked.

因此，永远无法保证到达服务器端的数据是干净安全的.

Therefore, there is never a guarantee that what arrives server side, is clean and safe data.

这篇关于为什么客户端验证还不够?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！