I had a meeting with my friends this afternoon and communicated with them briefly. Here I would like to share my understanding of this topic with you in detail. If I were to summarize my thinking, it would be this: front-end validation is necessary for data validation, but back-end validation must exist.
What is data validation?
Data validation means checking that data is valid, for example that a user name or address is correct, that the format is correct, and so on.
Why is data validation required?
Basically, it comes down to the following requirements:
1. Restrict user input
2. Obtain real user information
3. User-friendly validation that improves the user experience
4. Protect your own system
The difference between front-end and back-end validation
Front-end validation: it gives users quick feedback and a quick response, so that they can spot invalid data in what they have filled in right away. It is mostly done with JS script code and does not need to submit data to the remote server. For example, a hint appears when the mouse moves onto a field, and as soon as the mouse leaves the field the page tells you whether the data is valid.
Back-end validation: no matter what is entered at the front end, ensure that all data sent by the front end to the server for final processing is valid, to avoid server-side vulnerabilities or unexpected exceptions. For example, the normal flow is for users to verify their identity before performing certain operations; if the API calls themselves do not require authentication, a caller can invoke them directly and perform the operations and exercise the permissions that should only be available after authentication.
Principles of data validation:
1. Front-end validation can be incomplete, but back-end validation must be robust
Two reasons:
(1) Front-end validation can be bypassed by some tools. Back-end validation is the line of defense that ensures data validity.
(2) Front-end validation has limitations. For example, identity information or credit information needs to be verified by calling a third-party API.
2. Front-end validation is also important to optimize the user experience
Front-end validation can quickly show the appropriate prompts without submitting data, which improves the user experience, reduces the number of calls to the server, and reduces its load.
Summary
Front-end validation is convenient for users, but it does not guarantee security and can be easily bypassed. Therefore, for a secure data validation scheme, back-end validation is a must, and must be taken into account with every API call.
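An added example, not code from the original article: a minimal back-end handler in JavaScript that authenticates and validates every API call itself, regardless of what the front end checked. The names (`handleUpdateProfile`, `RULES`, `SESSIONS`) and the sample requests are constructed for illustration.

```javascript
// Hypothetical rule table. The same rules could drive front-end hints, but the
// server applies them itself and never trusts a "validated" flag from the client.
const RULES = {
  username: v => typeof v === 'string' && /^[A-Za-z0-9_]{3,20}$/.test(v),
  email: v => typeof v === 'string' && v.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
  age: v => Number.isInteger(v) && v >= 0 && v <= 150,
};

// Constructed session store: token -> user id.
const SESSIONS = new Map([['tok-alice', 'alice']]);

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns a list of error strings; an empty list means the body is valid.
function validate(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return ['body must be an object'];
  }
  const errors = [];
  // Reject fields the API does not define instead of silently storing them.
  for (const key of Object.keys(body)) {
    if (!has(RULES, key)) errors.push(`unexpected field: ${key}`);
  }
  for (const [key, isValid] of Object.entries(RULES)) {
    if (!has(body, key)) errors.push(`missing field: ${key}`);
    else if (!isValid(body[key])) errors.push(`invalid field: ${key}`);
  }
  return errors;
}

// On every API call: authenticate first, then validate, then process.
function handleUpdateProfile(request) {
  const user = SESSIONS.get(request.token);
  if (!user) return { status: 401, errors: ['authentication required'] };
  const errors = validate(request.body);
  if (errors.length > 0) return { status: 400, errors };
  return { status: 200, user, profile: { ...request.body } };
}

// Constructed requests: the second and third never went through the form.
const REQUESTS = [
  { token: 'tok-alice', body: { username: 'alice_01', email: 'alice@example.com', age: 30 } },
  { token: undefined, body: { username: 'alice_01', email: 'alice@example.com', age: 30 } },
  { token: 'tok-alice', body: { username: 'a', email: 'x', age: '30', isAdmin: true } },
];
for (const r of REQUESTS) console.log(JSON.stringify(handleUpdateProfile(r)));
```

The first request is accepted, the second is rejected with 401 because the call carries no valid session, and the third is rejected with 400 with one error per bad or unexpected field.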