Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialChristian Damm
26,486 PointsSecurity and Validation
I still have some problems in using Javascript for validation in general. Is it really good practise using this client language to handle important security issues like form input validation? In my point of view using a server side language like PHP makes more sense.
What is best practise here? Maybe most programmers handle this in combination to get security and user experience together? Thanks and regards, Christian D.
1 Answer
LaVaughn Haynes
12,397 PointsI use a combination of the two. I view javaScript not as much as a validator but a pre-validator. I perform checks on the front end BEFORE it's sent to the server to improve user experience and decrease requests to my server. I'm still going to take every possible precaution on the server to make sure that what the user provided is legit. There is no point in sending data that I know is bad to my server though, or making the user wait that extra 2 or 3 seconds when javaScript already knows it's bad before they even submit it. That's my view.
Andrew Robinson
16,372 PointsAndrew Robinson
16,372 PointsSo validation and security are two different ball games, like LaVaughn said, you want to do client-side validation (it makes sense) to make sure whatever the user enters is in the correct format specified, and doing validation on the server would be creating so many requests it wouldn't be the best experience for the user.
As for security, you're right, you definitely want to do any salting/hashing on the server, otherwise the client can see what's going on and whatever the client can see, any malicious software can see too.
But what if I told you that JavaScript, can also run on the server side (using node.js) and with that you can do secure data for storage.
JavaScript can run client side and server side, yup.