>Of course we should! And let's dry up all the water because people drown >too. > >No but seriously, part way through my post I conceded that if it's used for >usability purposes, client-side validation is not a problem. But if someone >thinks that it's a security measure, they are mistaken. > >Until I see that it's more common for people to use client-side validation >as a usability tool I'll probably always bring up the fact that it can not >be used as a security measure.
The "client-side validation is not security" point is always one of the first points I bring up when I do a presentation on client-side validation. I always stress that server-side is absolutely required and that client-side validation is for the benefit of the user experience. I then go on to show how quickly we can validate most forms using existing tools... -Dan
