Hi Guys,

Recently I read an article on database validation for common regular expressions like email, phone number, URL etc.

I would like to get some opinions on these three: which is better, or which combination is better, to make your code secure?

1) client-side validation using jQuery/JavaScript.
-> fast; UI can be managed properly using jQuery/CSS
-> can be broken by security software like Burp
2) server-side validation using required / regular expression validation
-> somewhat secure against Burp-like tools.
-> can be heavy if we have a lot of validation controls on a single form
-> code can be lengthy if we have a lot of validation / data annotation rules / other custom business-logic related code.
3) database validation
-> provides more security
-> requires a custom error handling setup to manage the UI properly
-> one-time code for a user-defined function
-> requires a round trip to the server every time.

Now, we already know that the database is already doing some kind of validation based on column datatype and constraints like unique key etc. In this case, is it okay to skip code-side validation directly, and/or how should we manage this?
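The three layers the question lists, as an added example that is not part of the original post or of any answer in the thread. It is a Python script using only the standard library (the `sqlite3` module stands in for the database; the thread itself talks about jQuery and ASP.NET-style validators, so the language is an assumption). The regexes, the `users` table, the request bodies and every function name are constructed for illustration. The same `validate` rules play the role of the client-side check (layer 1) and the server-side re-check (layer 2); the table constraints are layer 3. `register` takes a `server_side_validation` flag so the two cases the poster asks about, with and without code-side validation, can be compared on the same tampered request.

```python
import re
import sqlite3

# Added example, not from the original post. The rules, table, and sample
# requests below are constructed for illustration.

# Deliberately simple format rules; the point is where they run, not the regexes.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\+?[0-9]{7,15}$")


def validate(form):
    """Shared field rules.

    In the browser these run before submit (layer 1) and only improve the UI.
    On the server they must run again on the raw request body (layer 2):
    a proxy such as Burp lets the user skip the browser check entirely,
    change values, or change types (a list where a string was expected).
    """
    errors = {}
    email = form.get("email")
    phone = form.get("phone")
    if not isinstance(email, str) or len(email) > 254 or not EMAIL_RE.match(email):
        errors["email"] = "invalid email"
    if not isinstance(phone, str) or not PHONE_RE.match(phone):
        errors["phone"] = "invalid phone"
    return errors


def open_db():
    """Layer 3: constraints the database enforces on every write, whatever
    code path issued it. Note that TEXT alone says nothing about format."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """
        CREATE TABLE users (
            id    INTEGER PRIMARY KEY,
            email TEXT NOT NULL COLLATE NOCASE UNIQUE,
            phone TEXT NOT NULL CHECK (length(phone) BETWEEN 7 AND 16)
        )
        """
    )
    return conn


def register(conn, body, server_side_validation=True):
    """Handle one registration request. `body` is what the server actually
    received, which need not have passed any client-side check.
    Returns (http_status, detail)."""
    if server_side_validation:
        errors = validate(body)
        if errors:
            return 400, errors          # rejected before any database round trip
    try:
        with conn:                      # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO users (email, phone) VALUES (?, ?)",
                (body.get("email"), body.get("phone")),
            )
    except sqlite3.IntegrityError as exc:
        # Constraint violations surface as exceptions after a round trip;
        # the handler still has to turn them into something the UI can show.
        if "UNIQUE" in str(exc):
            return 409, {"email": "already registered"}
        return 400, {"_db": str(exc)}
    return 201, {}


def run_demo():
    """Replay the requests a browser, and then a proxy user, might send."""
    conn = open_db()
    good = {"email": "alice@example.com", "phone": "+14165550100"}
    # Malformed email, but a phone that satisfies the CHECK constraint.
    # A proxy user sends this straight to the server, bypassing layer 1.
    tampered = {"email": "not-an-email", "phone": "1234567"}
    # Type tampering: JSON lets the client send a list where a string was expected.
    wrong_type = {"email": "bob@example.com", "phone": ["1", "2"]}
    # Same address as `good`, different case: only the UNIQUE constraint sees it.
    duplicate = {"email": "ALICE@example.com", "phone": "+14165550100"}
    return {
        "good": register(conn, good),
        "tampered_server_checked": register(conn, tampered),
        "tampered_db_only": register(conn, tampered, server_side_validation=False),
        "wrong_type_server_checked": register(conn, wrong_type),
        "duplicate_case_variant": register(conn, duplicate),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

Three outcomes answer the poster's last question. The tampered request is rejected with a field-level message and no database round trip when the server re-runs the rules, but with `server_side_validation=False` the same malformed email is accepted, because a `TEXT` column with no `CHECK` enforces nothing about format. The case-variant duplicate passes every code-side rule and is stopped only by the `UNIQUE` constraint, which is also the only layer that can enforce uniqueness without a race between two concurrent requests; the handler then has to map the `IntegrityError` to a UI message, which is the "custom error handling" cost the question mentions. So the layers are complementary: client-side for usability, server-side on the raw request for format and type rules, database constraints for invariants code cannot guarantee on its own.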

"Better" is the Boolean operator you still have to define on the set of techniques, but I doubt you can do it. Better for what? It makes your question invalid.

All types of validation have their importance. In every specific case, a certain subset of them should be used, ranging from "none of them" to "all of them". But you've built the set of techniques not quite correctly. The mistaken one is about the server-side validation. You should have written just "server-side validation". Depending on the validation criteria you may or may not use Regular Expressions or something else. By the way, asking questions on how to use Regular Expressions for some criteria where this technique is totally unsuitable is one of the typical mistakes we often see on this forum.

—SA
Comments
BillWoodruff 27-Jan-16 2:55am    
"'Better' is the Boolean operator you still have to define on the set of techniques"

That alone is #5-worthy, and quote-worthy!
I think the choice of techniques will depend on the current context, and the "probable anticipated future" context(s).

By context, I mean:

1. location: of database, users, code: highly secured intranet / network share? open network subject to hacking? etc.

2. users: limited, unlikely to increase? load will vary greatly in an unpredictable way? it is certain the load will increase, predictably or unpredictably? extreme scaling required from the start?

3. code and administration: predictably excellent? outsourced and perhaps irregular support and monitoring? code base / database subject to hacking? best-in-breed industrial security procedures required?

4. hardware: users' PCs, server hardware ... capacity, performance, reliability.
Comments
ravikhoda 27-Jan-16 3:50am    
Thanks for the reply. I will keep these things in mind.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)