Monday, 29 February 2016

Client Side Validation

Trust No One

It cracks me up when I stumble upon an application that trusts anything coming from the user. Especially when that user is me :)

If given the opportunity, my browser will happily send your application whatever I tell it to. It’s up to you to actually make sure I’m not lying…

If I’m making calls to a webservice that only admins would be calling from your app, make sure I’m an admin before performing the action… Or instead of relying on client-side JavaScript to calculate the order’s total, for example, maybe do that on the backend instead…
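A sketch of both backend checks in Node-style JavaScript, added here as an example and not code from the original post. The catalogue, session store, and function names are hypothetical, and the sample data is constructed.

```javascript
// Added example; every name and value here is hypothetical / constructed.

// Server-side price catalogue in cents: the only source of prices.
const PRICES_CENTS = new Map([['widget', 1999], ['gadget', 4950]]);

// Server-side session store: the role comes from here, never from the request.
const SESSIONS = new Map([
  ['sess-admin', { user: 'alice', role: 'admin' }],
  ['sess-user', { user: 'bob', role: 'user' }],
]);

function httpError(status, message) {
  return Object.assign(new Error(message), { status });
}

// Authorise on the server for every privileged call.
function requireAdmin(sessionId) {
  const session = SESSIONS.get(sessionId);
  if (!session) throw httpError(401, 'not authenticated');
  if (session.role !== 'admin') throw httpError(403, 'admin only');
  return session;
}

// Recompute the total from the catalogue; body.total is never read.
function priceOrder(body) {
  if (!body || !Array.isArray(body.items) || body.items.length === 0) {
    throw httpError(400, 'order has no items');
  }
  let totalCents = 0;
  for (const item of body.items) {
    const { sku, qty } = item || {};
    if (!PRICES_CENTS.has(sku)) throw httpError(400, 'unknown sku');
    if (!Number.isInteger(qty) || qty < 1 || qty > 100) {
      throw httpError(400, 'bad quantity');
    }
    totalCents += PRICES_CENTS.get(sku) * qty;
  }
  return totalCents;
}

// Admin-only action: a client-sent flag such as body.isAdmin is ignored.
function deleteUser(sessionId, body) {
  const admin = requireAdmin(sessionId);
  return { deletedBy: admin.user, username: String(body.username) };
}
```

A request claiming `total: 1` or `isAdmin: true` gets the same result as one without those fields, because neither value is ever consulted.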

Remember devs… Trust No One.