The reason is not because developers don't like doing things twice.
You should have to implement validation twice, both in the frontend and the backend.
Doing it in the frontend for a better user experience and to reduce unnecessary requests, and doing it in the backend again for security.
What we do not like is the idea of skipping validation entirely on either side.
Agreed. But we're discussing doing something that shouldn't really be done at all in the frontend in the first place.
So the argument is why do something twice when it really doesn't need to be done at all.
We're not really talking about checking a user's name. We're talking about ensuring your query logic hasn't been tampered with by a malicious outside entity. But if your query logic doesn't need to be there at all, why put in the extra effort in the first place?
Yeah, you got a point. +1 :)