in reply to Re: The art of error handling
in thread The art of error handling
It's true that it's often more usable to have the interface
permit only valid input to be expressed*--rather than
accepting anything and emitting error messages later--but
remember that you need to leave the server-side verification
in place for security.
Clayton probably knew this, but client-side error checking is risky on it's own since everything running on the attacker's machine is under his control, including his copy of your HTML and javascript.
* the exceptions that prove the rule
|
---|
In Section
Seekers of Perl Wisdom