Is JavaScript validation sufficient to protect my forms?

Question

Is JavaScript validation sufficient to protect my forms?

I am creating a website and I have questions with forms on the login / registration page. I have some standard javascript confirmations on the login page. My questions are: should the login button be disabled if javascript is disabled or should I store PHP checks on the server side?

What is the best security approach? I plan to leave the login / registration button disabled and enable it only with javascript. That way, I can avoid writing a check on the PHP side of the same JavaScript that already exists. Is this a safe way to do this?

thanks

+4

javascript html security php forms

Gaurav mehta Aug 12 '13 at 23:20

source share

6 answers

castis · Answer 1 · 2013-08-12T23:23:26+0000

In general, use PHP. Javascript can be easily fooled and / or completely disabled. At this point, your server will be shipped with any desired end-user user, and you will not stop them.

Use PHP to check, and if you want it to look fantastic, put javascript on top. But ALWAYS the server side checks.

Kristian · Answer 2 · 2013-08-12T23:29:17+0000

As a rule, everything related to security or preventing the behavior of a particular user does not rely on javascript or CSS to prevent something from happening on the page. Since scripts and css can be overridden or disabled in the browser, you will not have protection from this behavior if they do.

Server side is the right place to implement precautionary measures.

In addition, note that doing this is very pleasant for users, but the server side is the only final place to prevent unwanted data doing this.

Andrew Moore · Answer 3 · 2013-08-12T23:29:32+0000

Each client-side check MUST be replicated on the server side for security. Client-side scripts can be easily replaced by an attacker to completely bypass your check, and buttons can be easily resolved using web debugging tools.

However, for user convenience, sometimes client-side verification is also required. In this case, you should check both server-side (PHP) and client-side (Javascript).

Rakshit · Answer 4 · 2013-08-12T23:22:40+0000

PHP side validation is better.

user2625787 · Answer 5 · 2013-08-12T23:26:20+0000

Client-side validation is NOT safe, as it can be easily cracked. This is for user convenience only. For example, in response to a client-side check, a user can correct errors before submitting the form. This saves the user time and they value your site.

Security check must be performed on the server

Skaparate · Answer 6 · 2013-08-12T23:40:47+0000

You should check your data on the server and analyze its responses using Javascript. Use Javascript to add / remove HTML content and create better user interfaces.

Always keep this in mind: what happens if a user disables Javascript in their browser?

Is JavaScript validation sufficient to protect my forms?

More articles: