[nycphp-talk] Client vs. Server programming
csnyder
chsnyder at gmail.com
Thu Sep 21 17:58:35 EDT 2006
On 9/21/06, LK <lk613m at yahoo.com> wrote:
> I've spent some time developing proficiency in JavaScript and AJAX. Every time
> I try to go to the server PHP programming, I end up scratching my head asking
> why would anybody program on the server?
Well, you're assuming that you have some degree of control over what
implementation of Javascript is running in the browser, and that it
will work the way you expect. These days it seems pretty stable
(disregarding Safari for a moment) but you don't have to go too far
back in the day to find when it wasn't.
Ajax is great, go for it. But as we hashed out on a recent thread
here, don't trust the browser to validate stuff for you, because there
are plenty of ways to submit data to your server that don't involve a
browser or javascript at all. So some programming HAS to be server
side, or you leave yourself wide open to attack.
--
Chris Snyder
http://chxo.com/
More information about the talk
mailing list