Do not rely on client-side validation

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Do not rely on client-side validation because it can be easily bypassed. While you may have control over the source code for the clients that call your service, clients can be reverse engineered or built from scratch to attack your service. Use client-side validation to reduce round trips to the server and to improve the user experience, but always use validation in the service itself to perform security checks.
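The following sketch is an added example, not code from the original guidance: it shows a service operation that re-validates every request itself, so a request from a client built from scratch is rejected even though it never passed through the official client's checks. The order service, its field names (`sku`, `quantity`), the SKU format and the quantity limit are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical rules for an order service; a client form may enforce the same
# limits for usability, but only the checks below count as security checks.
SKU_RE = re.compile(r"[A-Z]{3}-[0-9]{4}")
MAX_QTY = 100

class ValidationError(ValueError):
    pass

@dataclass(frozen=True)
class Order:
    sku: str
    quantity: int

def validate_order(payload):
    """Treat the payload as untrusted, whatever the calling client did."""
    if not isinstance(payload, dict):
        raise ValidationError("payload must be an object")
    unexpected = set(payload) - {"sku", "quantity"}
    if unexpected:
        raise ValidationError(f"unexpected fields: {sorted(unexpected)}")
    sku = payload.get("sku")
    if not isinstance(sku, str) or not SKU_RE.fullmatch(sku):
        raise ValidationError("sku must match AAA-0000")
    qty = payload.get("quantity")
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(qty, bool) or not isinstance(qty, int):
        raise ValidationError("quantity must be an integer")
    if not 1 <= qty <= MAX_QTY:
        raise ValidationError(f"quantity must be between 1 and {MAX_QTY}")
    return Order(sku, qty)

def place_order(payload):
    """Service operation: validation runs before any business logic."""
    try:
        order = validate_order(payload)
    except ValidationError as exc:
        return {"status": 400, "error": str(exc)}
    return {"status": 200, "accepted": {"sku": order.sku, "quantity": order.quantity}}

# Constructed requests: the first is what the official client would send after
# its own checks; the rest skip those checks entirely.
SAMPLES = [
    {"sku": "ABC-1234", "quantity": 2},
    {"sku": "ABC-1234", "quantity": -5},
    {"sku": "ABC-1234", "quantity": 2, "unit_price": 0},
    {"sku": "ABC-1234", "quantity": "2"},
]
```
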

Last edited Apr 16, 2008 at 11:50 PM by prashantbansode, version 1
