303

November 23rd, 2020 × #Security #Validation #Client #Server

Hasty Treat - Client vs Server Data Validation

Discussion on validating data on the client vs the server, with examples of manipulating client validation and the importance of server-side validation for security.

In this Hasty Treat, Scott and Wes talk about client- and server-side validation, and what each is used for!

Netlify - Sponsor

Netlify is the best way to deploy and host a front-end website. All the features developers need right out of the box: Global CDN, Continuous Deployment, one click HTTPS and more. Hit up netlify.com/syntax for more info.

Show Notes

02:49 - Wes' story

06:28 - What is the role of client-side validation?

  • Help the user input the correct data as they type it.
  • Show correct data in UI.
  • Show correct UI.
  • Just about all of these things are for the user's benefit, and how they feel when using the site.

11:10 - What is the role of server-side validation?

  • Validate that all the data is correct before it's saved to the database
  • Security first and foremost

15:03 - What process should a store follow to validate on the server?

  1. Check that correct types are coming in. Very easy with GraphQL.
  2. Get current stock and price information from unique ids from the database.
  3. Confirm that this information is what the user is expecting. If the UI said the user will be charged $40, don't charge them $50 just because of the updated info. In that case, send it back to the user.
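
The three steps above as a single server-side check, written as an added example (not code from the episode). The `validateOrder` helper, the `catalog` Map standing in for the database, the field names and the reason codes are all hypothetical; prices are assumed to be stored in cents.

```javascript
// Constructed data: an in-memory Map stands in for the store's database.
const catalog = new Map([
  ['sku-1', { priceCents: 2000, stock: 5 }],
  ['sku-2', { priceCents: 5000, stock: 0 }],
]);

// Hypothetical helper: validates a checkout request sent by the client.
// The client sends ids, quantities and the total its UI displayed;
// any price field in the request is ignored.
function validateOrder(body, db = catalog) {
  // Step 1: check that the correct types are coming in.
  if (!body || !Array.isArray(body.items) || body.items.length === 0 ||
      !Number.isInteger(body.expectedTotalCents)) {
    return { ok: false, reason: 'bad_request' };
  }
  const wanted = new Map(); // running quantity per id, so repeated ids add up
  let totalCents = 0;
  for (const item of body.items) {
    if (!item || typeof item.id !== 'string' ||
        !Number.isInteger(item.qty) || item.qty < 1) {
      return { ok: false, reason: 'bad_request' };
    }
    // Step 2: look up current stock and price by unique id.
    const record = db.get(item.id);
    if (!record) return { ok: false, reason: 'unknown_item', id: item.id };
    const qty = (wanted.get(item.id) || 0) + item.qty;
    wanted.set(item.id, qty);
    if (record.stock < qty) {
      return { ok: false, reason: 'out_of_stock', id: item.id };
    }
    totalCents += record.priceCents * item.qty;
  }
  // Step 3: compare the server's total with what the UI showed the user.
  // On a mismatch nothing is charged; the current total goes back to the client.
  if (totalCents !== body.expectedTotalCents) {
    return { ok: false, reason: 'price_changed', totalCents };
  }
  return { ok: true, totalCents };
}

// Constructed requests: an honest one, and one where client state was edited.
const honest = validateOrder({ items: [{ id: 'sku-1', qty: 2 }], expectedTotalCents: 4000 });
const tampered = validateOrder({
  items: [{ id: 'sku-1', qty: 2, priceCents: 1 }], expectedTotalCents: 2,
});
console.log(honest, tampered);
```
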

17:17 - What do you do if you don't want people messing with your React state?

  • @fvilers/disable-react-devtools
  • if (process.env.NODE_ENV === 'production') disableReactDevTools()
  • We do this on LUT. Why? Because it's a deterrent.
