This is a question that hasn't directly been asked yet.
I develop for a company which serves millions of web customers per year. Many of our web applications were written years ago (and with bad practice) and rely entirely on JavaScript for the pages to work, most notably web form validation.
Plus, adding in an opening and closing tag and a re-direct can be developed in 5 seconds whereas server validation requires a lot more time and money.
What are your thoughts?
What is the real advantage of server validation if we now have noscript besides the 1% of users who will just have to enable their scripting?
noscript tags. One thing about not having server-side validation is that it opens up SQL injection attacks as well.
Server validation cannot be disabled or bypassed by clients, whereas client side validation can.
- security risks
- data integrity risks
- reputation risks
- financial risks
to your client.
If it does, then you need server side validation asap, before someone attacks your site.
- Log the number of people who hit the noscript page. Using this data, you can give a potential value for revenue not gained because of a lack of server-side validation. Bosses are usually fluent in the language of money.
- Potential SQL injection and other security issues are also very problematic. You should at least clean your values from your form, even if you don't validate them.
- Data integrity could be compromised. Sometimes your scripts might fail, but they'll pass the noscript check. Without server-side validation, the data has less of a guarantee to be what it should.
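
An added example, not part of the original thread: a server-side handler that repeats the form checks on every request and stores the values through a parameterized query, so a request sent without the page's script is rejected and quotes in a value never reach the SQL text. The field names, limits and table layout are assumptions made for the example.

```python
import re
import sqlite3

# Field names, limits and table layout are assumptions made for this example.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def validate_signup(form):
    """Server-side checks; they run whether or not the browser ran its script."""
    errors = {}
    name = str(form.get("name", "")).strip()
    email = str(form.get("email", "")).strip()
    qty = str(form.get("quantity", "")).strip()
    if not 1 <= len(name) <= 100:
        errors["name"] = "must be 1-100 characters"
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        errors["email"] = "not a valid address"
    # isascii() excludes non-ASCII digits that isdigit() alone would accept
    if not (qty.isascii() and qty.isdigit() and len(qty) <= 2 and int(qty) >= 1):
        errors["quantity"] = "must be a whole number from 1 to 99"
    cleaned = None if errors else {"name": name, "email": email, "quantity": int(qty)}
    return cleaned, errors

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE signup (name TEXT, email TEXT, quantity INTEGER)")
    return conn

def handle_post(conn, form):
    """Return (http_status, errors) for one submitted form."""
    cleaned, errors = validate_signup(form)
    if errors:
        return 400, errors
    # Placeholders keep values as data; they are never spliced into the SQL text.
    conn.execute(
        "INSERT INTO signup (name, email, quantity) VALUES (?, ?, ?)",
        (cleaned["name"], cleaned["email"], cleaned["quantity"]),
    )
    conn.commit()
    return 200, {}

if __name__ == "__main__":
    db = open_db()
    # Constructed requests: one normal, one sent without the page's script checks.
    print(handle_post(db, {"name": "O'Brien", "email": "ob@example.com", "quantity": "2"}))
    print(handle_post(db, {"name": "", "email": "nope", "quantity": "-5"}))
    print(db.execute("SELECT * FROM signup").fetchall())
```

The same rules can stay in the page's script for fast feedback; the server copy is the one that decides what gets stored.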