JavaScript验证足以保证我的表单安全吗? [英] Is javascript validation enough to keep my forms secure?
问题描述
我正在建立一个网站,并且在登录/注册页面上有表单问题。我在登录页面上有几个标准的JavaScript验证。我的问题是我应该禁用登录按钮,如果javascript被禁用,或者我应该保持PHP验证服务器端代码?
I am building a website and I have a questions with forms on login/registration page. I have a few standard javascript validations on the login page. My questions is should I just disable the login button if javascript is disabled or should I keep PHP validations on the server side code?
这是一个更好的安全方法?我打算保持登录/注册按钮被禁用,并且只能通过javascript启用它。这样我就可以避免编写已经存在的相同JavaScript的PHP端验证。它是一种安全的方式吗?
Which is a better approach in terms of security? I am planning to keep login/registration button disabled and only enable it by javascript. That way I can avoid writing PHP side validation of the same JavaScript that is already there. Is it a secure way of doing it?
谢谢
Thanks
推荐答案
总的来说,使用PHP。 JavaScript很容易被愚弄和/或完全关闭。此时,您的服务器将获得恶意最终用户希望您拥有的任何内容,并且您不会阻止它们。
Overall, use PHP. Javascript can be easily fooled and/or turned off entirely. At that point your server gets supplied with whatever Mr Malicious End User wants you to have, and you won't be stopping them.
使用PHP进行验证,如果您希望它看起来很花哨,把JavaScript放在最前面。但总是服务器端验证。
Use PHP for validation, and if you want it to look fancy, put javascript on top. But ALWAYS server-side validate.
这篇关于JavaScript验证足以保证我的表单安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!