cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gunter D'Hondt <gunter.dho...@sofico.be>
Subject Re: AJAX and Cocoon - Design Patterns
Date Tue, 04 Oct 2005 07:08:26 GMT
I think this is still the biggest gap in CForms compared to Struts... 
meaning clientside validation auto generated from the form definition






"Derek Hohls" <dhohls@csir.co.za> 
04/10/2005 08:34
Please respond to
users@cocoon.apache.org


To
<users@cocoon.apache.org>
cc

Subject
Re: AJAX and Cocoon - Design Patterns






Ralph
 
Can you expand a bit on that statement - "you can 
define a single set of validation criteria that is used to generate 
whatever validation is performed both client side and server side"
 
Do you mean that you are generating =Javascript= from the CForms
definition file/s, to be loaded with the form so that validation can be 
done in the user's browser before the form is submitted?
 
If so, could you show a small snippet of sample code - if not,
could you perhaps explain a little further?
 
Thanks
Derek

>>> Ralph.Goers@dslextreme.com 2005/10/03 10:04 PM >>>


Johannes Textor wrote:

>Hi Ralph,
>
> 
>
>>Johannes,
>>If you actually do this you will be creating a website with a big
>>security hole. Anyone would be able to send fake requests to your
>>server with bogus data. Client side validation is nice - it gives a
>>faster response to the user and does take a load off the server as
>>only valid requests SHOULD make it to the server. However, the server
>>must still also perform data validation as someone could log in and
>>then start sending bogus requests to you.
>> 
>>
>
>I see your point, but the mentioned pipeline resides in a subdirectory
>which is protected via the authentication framework. Furthermore, all
>requests are checked for integrity and validity before execution (in the
>custom actions), to avoid data loss in case that something weird happens
>on the client side. So I think this is no less secure than CForms
>validation, for example.
>
>Regards,
>Johannes
>
> 
>
No, it certainly doesn't have to be CForms validation. But it sure is 
nice when the validation on the client side and on the server side are 
done using a common set of definitions. By this I mean that you can 
define a single set of validation criteria that is used to generate 
whatever validation is performed both client side and server side. So 
if you have to add a new parameter you can just add it in one place and 
there is no danger of the client and server getting out of sync.

I have found that Cocoon is most helpful in that kind of scenario as you 
can use a common generator with different transformers.

Ralph

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org 
For additional commands, e-mail: users-help@cocoon.apache.org 




-- 
This message is subject to the CSIR's copyright, terms and conditions and
e-mail legal notice. Views expressed herein do not necessarily represent 
the
views of the CSIR.
 
CSIR E-mail Legal Notice
http://mail.csir.co.za/CSIR_eMail_Legal_Notice.html 
 
CSIR Copyright, Terms and Conditions
http://mail.csir.co.za/CSIR_Copyright.html 
 
For electronic copies of the CSIR Copyright, Terms and Conditions and the 
CSIR
Legal Notice send a blank message with REQUEST LEGAL in the subject line 
to
HelpDesk@csir.co.za.


This message has been scanned for viruses and dangerous content by 
MailScanner, 
and is believed to be clean.  MailScanner thanks Transtec Computers for 
their support.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message