在后端重新验证数据?

huangapple go评论69阅读模式
英文:

Revalidate data on backend side?

问题

我正在创建一个日程安排应用程序。
教师、学生和汽车。

Spring + DB + React

目前的设计方式是这样的:

添加新的行程看起来像这样:

  • 1 选择学生(从数据库中提供自动填充)
  • 2 选择时间范围
  • 3.1 从列表中选择在该时间范围内没有任何行程的教师(2)
  • 3.2 从列表中选择在该时间范围内没有任何行程的汽车(2)

在这一步之前,所有内容都通过Spring中的存储库进行查询(例如,提供在该时间范围内可用的教师)。在将其保存到存储库/数据库之前,我应该在后端再次验证收到的行程吗?

英文:

I'm creating a schedule app.
Teachers, students and cars.

Spring + DB + React

The way it's designed right know:

Adding new ride looks like this:

  • 1 Select student (autofill provided from database)
  • 2 Select time
    range
  • 3.1 Select teacher from list who doesn't have any ride in that time range (2)
  • 3.2 Select car from list which doesn't have any ride in that time range (2)

Till this step everting works by Queries (e.g. provide teachers that are available in that time range) through Repository in Spring.
Should I validate received Ride once again on backend before saving it to repository/database?

答案1

得分: 2

是的,您应该在服务器上进行重新验证,因为您无法控制客户端是否发送错误信息。客户端可能发送错误信息,要么是因为它们有恶意(和/或它们的计算机受到了Compromised),要么是因为它们从数据库中收到了陈旧的信息 - 或者是因为在生成页面的时刻和他们做出选择的时刻之间,信息已经变得陈旧。

根据您的限制,数据库层可能会检测到无效的插入 - 但最好是在执行重要插入的Spring事务内提前进行检查,在服务器上进行检查,以确保不存在任何冲突。

英文:

Yes, you should re-validate on the server, because you cannot control whether clients send bad information or not. Clients can send bad information either because they are evil (and/or their computer is compromised) or because they received stale information from the DB -- or the information became stale between the moment the page was generated and the moment when they made their choice.

Depending on your constraints, the DB layer may detect an invalid insert - but it is better to check beforehand, within the Spring transaction on the server that would do the important insert, that no conflicts exist.

答案2

得分: 0

在后端验证您的数据非常重要。因此,您需要继续在后端进行验证,否则如果您的逻辑依赖于前端验证,您的数据可能会很容易地被篡改。

英文:

Validating your data on the backend is very important. So you need to go ahead and validate it on the backend else your data can be easily manipulated if your logic rely on frontend validation.

huangapple
  • 本文由 发表于 2020年9月23日 00:21:30
  • 转载请务必保留本文链接:https://go.coder-hub.com/64013820.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定