0

Greetings. As I said, is it safe? I need a login form with HTML, CSS and JavaScript to connect to MySQL. If the user is authorized he can log in, and if he is not he cannot. Or should I learn a framework?

jone
  • It's perfectly safe to validate client-side for user convenience and responsiveness, but you have to validate server-side too. – Pointy Dec 16 '16 at 01:10

3 Answers

2

JavaScript is good for simple client-side validation such as restricting format, or performing automatic formatting. However, being a client-side language, it can be disabled or altered by the end user. So, regardless of any validation you would perform with JavaScript, you should still perform validation on the server-side of any incoming data.

Ideally, you would be using a server-side language, such as PHP for example. Any user data posted, or otherwise sent, to your server should be validated there to prevent malicious content from getting through. One of the most important methods, when interfacing with a database, is using parameterized queries. Using parameterized queries enforces proper data-types and prevents SQL Injection attacks.

In short, to answer your question: No, relying strictly on JavaScript is not a safe way to validate user input as there is no way to control or enforce client-side operations. In a very general way, JavaScript should only be used for enhancing a user's experience, or performing trivial operations that would be validated, securely, via the server-side code-base.

gmiley
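The server-side check and parameterized query described in the answer above, sketched as an added example in server-side JavaScript (Node.js); it is not code from the thread or its authors. The table and column names (`users`, `id`, `password_hash`), the `db.execute(sql, params)` interface (modelled on mysql2/promise) and the `verifyPassword` helper are assumptions.

```javascript
// Added example: server-side login check. The browser may already have
// validated the form, but the server repeats every check because a request
// can be sent with scripts disabled or altered.

const USERNAME_RE = /^[A-Za-z0-9_.-]{3,32}$/; // constructed policy for this example

// Validate the raw request body on the server. Returns the failing fields.
function validateLogin(body) {
  const errors = [];
  if (!body || typeof body.username !== 'string' || !USERNAME_RE.test(body.username)) {
    errors.push('username');
  }
  if (!body || typeof body.password !== 'string' ||
      body.password.length < 8 || body.password.length > 128) {
    errors.push('password');
  }
  return errors;
}

// Parameterized query: the SQL text is a constant and the user's value
// travels separately, so the database never parses it as SQL.
// Table and column names are hypothetical.
function loginQuery(username) {
  return {
    sql: 'SELECT id, password_hash FROM users WHERE username = ? LIMIT 1',
    params: [username],
  };
}

// db: assumed to expose a mysql2/promise-style execute(sql, params) -> [rows].
// verifyPassword: assumed helper wrapping a password-hashing library.
async function login(body, db, verifyPassword) {
  if (validateLogin(body).length > 0) return { ok: false, status: 400 };
  const { sql, params } = loginQuery(body.username);
  const [rows] = await db.execute(sql, params);
  const user = rows[0];
  // Same response for "no such user" and "wrong password".
  if (!user || !(await verifyPassword(body.password, user.password_hash))) {
    return { ok: false, status: 401 };
  }
  return { ok: true, status: 200, userId: user.id };
}
```

The browser only ever talks to `login` over HTTP; the database credentials and the query stay on the server.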
0

The client-side can be used for simple validations but should be considered insecure as, per gmiley's response, client-side execution can be manipulated.

It would additionally be insecure to allow the client to connect directly to the database.

An authentication/authorization middleware should be used between the client and database. This middleware would be responsible for serving authentication/authorization requests from the client through secure validations; e.g. connecting to the database and retrieving relevant data for server-side validation.

  • You can't connect to a database from javascript...? – junkfoodjunkie Dec 16 '16 at 02:35
  • @junkfoodjunkie You most certainly can: http://stackoverflow.com/questions/857670/how-to-connect-to-sql-server-database-from-javascript-in-the-browser but the situations where you would actually **want** to would be extremely few and far between as that is just one gigantic gaping security hole. – gmiley Dec 16 '16 at 03:00
  • Okay, fine, you can use the hunk of junk IE, or node.js or similar... however, that is a limited scope (for IE) and node.js is strictly run from the server (for the actual connections). I stand by my statement that you really can't, given that I set a definition of "should work in all browsers, no limits". Also, of course, it's plainly insane. – junkfoodjunkie Dec 16 '16 at 03:07
0

It cannot be secure, because whenever you disable JavaScript in the browser it doesn't work for you, and the user can submit any value. So server-side validation is best for a secure environment.

Hanumant