[nycphp-talk] "The Web is broken and it's all your fault."

Keith Casey mailinglists at caseysoftware.com
Wed Sep 20 09:00:41 EDT 2006


On 9/20/06, Kenneth Downs <ken at secdat.com> wrote:
>  There are also some validations the browser cannot easily do.  Lookup
> validations are particularly bad, but format validations like checking for
> an "@" in an email are much easier.

Ah... but *this* is my concern.  Let's say all the browser devs get
together and agree to do this.  Great, everyone wins, right?  No.

*  An error or implementation variation in *any* of them once again
makes our life more difficult...  anyone want to go back to the days
of IE 5?

*  There are a multitude of browsers besides the ones you see in your
server logs.  Many phones have custom proprietary browsers, so we have
Motorola, Microsoft, Mozilla, Verizon, and Samsung all agree to
something which will increase their workloads.

*  Since a browser can be completely bypassed (wget, fsockopen, etc),
we still have to do it on the backend so it saves us zero work.

But here's the danger...  how long would it take for a PHB, newbie, or
lazy developer to say "why are we validating data on the server?  My
browser does it just fine."  And in one fell swoop, we're back to
where we are now... or maybe in an even worse place.

Having a validation layer on the browser (js, whatever) is useful, but
it's not something to depend on for anything...

-- 
D. Keith Casey Jr.
CEO, CaseySoftware, LLC
http://CaseySoftware.com
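
The backend check the message argues for, as an added example that is not part of the original post: the server repeats the format validation and performs the lookup validation itself, and never reads any client-side claim that validation already happened. The field names, the `client_validated` flag and the `VALID_STATES` list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical lookup table; a real application would query its database.
const VALID_STATES = ['NY', 'NJ', 'CT'];

/**
 * Validate a signup submission on the server, whatever the client claims.
 * Returns field => error message; an empty array means the input is valid.
 */
function validate_signup(array $input): array
{
    $errors = [];

    // Format validation: repeated here even if the browser already did it.
    // A crafted request can send an array (email[]=...), so check the type first.
    $email = $input['email'] ?? null;
    if (!is_string($email) || strlen($email) > 254
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid email address';
    }

    // Lookup validation: only the server holds the authoritative list.
    $state = $input['state'] ?? null;
    if (!is_string($state) || !in_array($state, VALID_STATES, true)) {
        $errors['state'] = 'unknown state code';
    }

    // $input['client_validated'] is deliberately never consulted.
    return $errors;
}

// Constructed sample requests: one as a browser form would send it, and one
// built by hand (the wget/fsockopen case) that skips the form entirely.
$samples = [
    'browser form' => ['email' => 'ken@example.com', 'state' => 'NY', 'client_validated' => '1'],
    'hand-built'   => ['email' => ['not', 'a', 'string'], 'state' => 'ZZ', 'client_validated' => '1'],
];

foreach ($samples as $label => $input) {
    $errors = validate_signup($input);
    echo $label, ': ',
        $errors ? 'rejected (' . implode(', ', array_keys($errors)) . ')' : 'accepted', "\n";
}
```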
