Friday, 26 December 2014

ASP.NET Tips #8 - Always perform validation on the client and server as well

To avoid unnecessary round trips to the server, validate form entries on the client using JavaScript before posting them. This provides quick feedback and makes your application feel more responsive. Always make sure you explain your validation errors as well. If you use complex password rules or regex patterns, include a message to explain what the rules are to prevent user frustration.

This isn't exactly a performance tip but rather a security tip for when people think that they could improve performance by cutting out server-side validation. These days, client-side validation can be bypassed with ease, so you can't trust what comes from the browser. So if you think you can save some processing cycles and bypass these steps, don't, as you're actually opening massive security holes.

No comments :

Post a Comment