How?

Users cannot modify your documents on the server.

Users can disable javaScript in their browser to avoid validation.

Users can save HTML and javaScript on their own machine, modify it and use it to send requests to your server.

You cannot stop users disabling javaScript in their browser, but you could desing the page so that it will not funtion if they do.

You can encrypt HTML and javaScript using a 3rd party service, however this relies on this 3rd party to de-crypt the information online. This results in slower pages, and, if their service fails then so does yours, so its not recomended.

What is better is to do the validation in JSP, on your server, where no one can mess around with it, better still do both.

Use javaScript to reduce the amount of incorrect requests (load on your server), and saving users time (waiting for response with error messages).

Then use JSP to make sure there was no cheating!!

angrycata at 2007-7-14 18:23:34 >

You can't.

Once its on client side it is completely out of your control.

All you get from the browser is a request with name=value pairs.

>finally it is to avoid the unnessary server side validation....

Server side validation is ALWAYS necessary.

Client side validation is useful to make the user experience better (less round trips to the server) but you can never count on it.

So yes, do your client validation. But then check it server side too.

You can never trust the client.

evnafetsa at 2007-7-14 18:23:34 >