PDA

View Full Version : Security in ExtJS



DarkStarDS
17 Aug 2009, 6:46 AM
People can disable the javascript and send POST queries
directly to our server with bogus information. This always means I
need to do data validation in both JS (client), and doublecheck it in
PHP (server). How does extJS address this issue?
Thank you.

17 Aug 2009, 6:50 AM
How do you expect a javascript framework to detect that javascript is disabled?

17 Aug 2009, 6:50 AM
By the way, it's trivial to create posts requests with command line tools like wget, where a browser is not even necessary!

tryanDLS
17 Aug 2009, 7:07 AM
Perhaps you should read up on web site security. It's always the server's job to validate requests and not assume that anything coming from the client is valid.

17 Aug 2009, 7:09 AM
This is true for any server/client paradigm

DarkStarDS
17 Aug 2009, 7:23 AM
I know that and you are fully right. I take a look to validation extjs components. Then I can do a second validation server side.
Thx

17 Aug 2009, 7:25 AM
OK, so the disabling of javascript is irellevant in this case.

The crux is client side validation. Look at the API for details on that.