Re: form validation
Re: form validation
- Subject: Re: form validation
- From: John W Baxter <email@hidden>
- Date: Wed, 13 Mar 2002 14:28:11 -0800
At 2:12 +0000 3/13/2002, has wrote:
>
>I recommend Javascript for html-form validation before submission to any
>
>CGI. Validation in Javascript is easier and earlier (client-side).
>
>
Client-side JS -based validation would be good for augmenting server-side
>
validation with the sort of convenient and sophisticated 'popup warnings'
>
[1], etc that Jessica is looking for. It should _not_ be considered a
>
replacement for it though, as you _cannot_ assume that all clients will
>
have javascript-enabled browsers (or browsers with JS disabled [2]).
And client side validation *most assuredly* should not be done the way Bell
Atlantic did it.
You asked their web-based account information system for your account (by
phone number). Server sent back a JavaScript page which would validate
your access to that number's information. Included was all the information.
So you just had to ask about some number (listed or not) and read the
returned script to get the subscriber information. The obvious: name,
address, amount due, payment history, etc, and the not-so-obvious, such as
the "problem customer" flag (those who protest too much).
So a great noise arose in the land, and "they" fixed the problem. By
removing the link(s) to the page with the problem, but leaving the page.
So anyone who knew the URL could *still* access other people's data.
"They" is in quotes there for not the usual reason: while all this was
going on, the Bell Atlantic merger into Verizon was completed. The news
coverage of the web problem was more effective at getting the new name to
the customers than was Verizon's expensive ad campaign.
Don't do this at home, kids. ;-)
--john
OH...and it was no doubt possible to write an AppleScript script to gather
information for a group of numbers. There. Whew! ;-)
--
John Baxter email@hidden Port Ludlow, WA, USA
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.