I wanted to learn about the tasks of each type of filtering.

  1. What exactly is filtered on the client side?
  2. What exactly is filtered on the server side?
  3. What could be the goal of filtering the client side?
  4. What could be the purpose of filtering the server side?

If anyone can provide links to code examples for understanding 1-4, I will be grateful.

Closed because the question needs to be reformulated so that an objectively correct answer can be given, by participants Yuriy SPb, fori1ton, aleksandr barakin, cheops, Streletz on 9 Jul '16 at 7:36.


    2 answers

    The types and purposes of filtering depend on the type of clients / servers, but since we are talking about JEE, I will assume that the client is a browser and a server bean serves the facelet page.

    "What exactly is filtered on the client side?"

    Everything that can be filtered. The filtering can coincide completely with the server's. This check is the so-called "foolproofing", the purpose of which is to help the user "fill in" the request correctly.

    "What exactly is being filtered on the server side?"

    It is necessary to filter everything. Server-side filtering is a check that data in the correct format gets into the algorithm and, first of all, that data from the user cannot harm the server or lead to unauthorized access and any other security problems.

    "What could be the goal of filtering the client side?"

    First of all, reducing the load on the server (HTTP traffic, request processing, etc.). Among the secondary reasons we can name the speeding up of validation: for example, there is no need to submit a form and wait for a response.

    "What could be the purpose of filtering the server side?"

    A guarantee that an error from receiving incorrect data will be detected as early as possible (and not in the middle of the calculation process), and that the data will not compromise the security of the server.

    Reference to what and how to validate (material in English).

    • Excellent answer, thanks! I need to find code samples on GitHub from projects on this topic. - Maks.Burkov 6:22 pm

    A very broad answer can be given here. Well, firstly, on the server side everything related to information security is filtered (valid input, for protection against SQL queries, for example). Also the number of calls to the server, questionable actions, etc. Various parameters are likewise validated so that the system does not suddenly go down, for example when a user decides to upload a file 1000 GB in size :) What is filtered on the client? Exactly the same as on the server, but the goal is different. On the client, we firstly tell the user where he could have made a mistake, and secondly, we do not send extra (rejected) requests to the server, so as not to load it once again. That is, in theory, if there were no intruders and filtering on the client side always worked, it would be enough for us.
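Both answers say the server must repeat the checks the browser already made and add the security-related ones. The sketch below is an added example, not code from either answer: the field names, the limits and the `ServerSideValidation` class are assumptions chosen for illustration, and it uses only the JDK rather than a real JEE container.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Hypothetical server-side validator: repeats the client rules and adds a hard upload cap.
public class ServerSideValidation {
    static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9_]{3,20}"); // allow-list
    static final long MAX_UPLOAD_BYTES = 1024; // assumed limit, kept small for the demo

    // The same rules a client-side script would apply, enforced again on the server,
    // because a request can arrive without ever passing through that script.
    static List<String> validate(String username, String age) {
        List<String> errors = new ArrayList<>();
        if (username == null || !USERNAME.matcher(username).matches())
            errors.add("username: 3-20 letters, digits or underscore");
        try {
            int n = Integer.parseInt(age == null ? "" : age.trim());
            if (n < 0 || n > 150) errors.add("age: out of range");
        } catch (NumberFormatException e) {
            errors.add("age: not a number");
        }
        return errors;
    }

    // Enforce the cap on bytes actually received, not on a size the client declares.
    static byte[] readCapped(InputStream in, long max) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[256];
        long total = 0;
        for (int r; (r = in.read(buf)) != -1; ) {
            total += r;
            if (total > max) throw new IOException("upload exceeds " + max + " bytes");
            out.write(buf, 0, r);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) {
        // Constructed inputs: a well-formed request, then one sent with browser checks bypassed.
        System.out.println(validate("alice_01", "31"));
        System.out.println(validate("bob'; --", "-5"));
        try {
            readCapped(new ByteArrayInputStream(new byte[4096]), MAX_UPLOAD_BYTES);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a real application the accepted values would still be passed to the database through parameterized statements; the allow-list above narrows input, it does not replace that.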