I'm a frontend developer working on a Search function and a couple of Forms where I'm sending requests to an API that my backend colleague built. I've been validating the text inputs on the client-side to ensure they conform to the backend expectations and to avoid errors. However, when I asked my backend colleague if validation would also happen on the backend, they said it wasn't necessary since, according to them, invalid strings couldn't reach the backend if the frontend is validating them. This doesn't sit well with me, especially since I've noticed that if I send an invalid string to the backend, the whole app crashes due to a lack of error handling. Am I being overly dramatic or is there a legitimate concern here?
5 Answers
Definitely agree with you here! If your backend allows invalid strings without any sanity checks, you're exposing your application to a lot of risks. It's not just about being thorough; it's essential for the safety of your system.
And let's be real, this kind of oversight could lead to some serious vulnerabilities down the line.
It's concerning to hear your backend colleague dismiss such a critical component of security. Validation at the backend is non-negotiable—period. If they refuse, it'd be worth having a deeper chat or even escalating the issue. Everyone benefits from comprehensive service validation.
Absolutely! A backend dev saying that is setting the whole team up for potential disaster.
Yeah, I’d seriously recommend you talk to your leads or management about ensuring that proper validations are in place.
You're spot on to be concerned! Frontend validation is great for user experience, but it shouldn't be the only layer of defense. Validating on the backend is crucial for security and data integrity. Users can easily bypass frontend checks using tools like Postman or by disabling JavaScript in their browser. Always validate on both ends to protect your application.
Right? Backend validation is essential; anyone can manipulate requests bypassing the frontend. It's not just about user experience—it's about safeguarding your app.
Exactly! If they don't validate on the backend, they leave the door open for all sorts of issues, including security vulnerabilities.
Your backend dev is making a big mistake. They should definitely be validating input! What if someone uses a tool to hit the API directly? Client-side validation can easily be bypassed. The backend must ensure whatever data it receives is valid to avoid crashes and other security risks.
Absolutely! It's essential that the backend be the gatekeeper for data integrity. Assuming only the frontend is doing the validation is naive.
Very true! Validation is about more than just checking formats; it's about keeping unwanted or malicious data out of your systems.
You're not being dramatic at all. Client-side checks are just for a smoother user experience. The backend has to validate because it can't trust what's coming from the frontend. Plus, if your whole app crashes from an invalid input, that's a clear sign that the backend isn't handling errors properly!
Exactly! A solid backend should always validate and gracefully handle errors. Crashing apps are a big red flag.
And that’s how data leaks and hacks happen—by not validating the input on the backend.
Exactly! They should approach both client and server validations like security checks—better safe than sorry!
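To make the point of the answers above concrete, here is an added example (not code from the thread or from the poster's project) of a backend search handler that validates input itself and turns bad requests into 4xx responses instead of crashing. The field names `q` and `page`, the limits, and the `search` callback are assumptions chosen for illustration.

```javascript
// Added example: hypothetical server-side validation for a search endpoint.
// Field names and limits (q, page, MAX_QUERY_LEN, MAX_PAGE) are assumptions.
const MAX_QUERY_LEN = 100;
const MAX_PAGE = 1000;

// Validate an already-parsed body; returns a list of problems, empty when valid.
function validateSearch(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return ["body must be a JSON object"];
  }
  const errors = [];
  const { q, page = 1 } = body;
  if (typeof q !== "string") {
    // A direct API call can send an object, array or number here.
    errors.push("q must be a string");
  } else {
    if (q.trim().length === 0) errors.push("q must not be empty");
    if (q.length > MAX_QUERY_LEN) errors.push(`q must be at most ${MAX_QUERY_LEN} characters`);
    // Reject control characters that a normal form submission would not contain.
    if (/[\u0000-\u001f\u007f]/.test(q)) errors.push("q contains control characters");
  }
  if (!Number.isInteger(page) || page < 1 || page > MAX_PAGE) {
    errors.push(`page must be an integer between 1 and ${MAX_PAGE}`);
  }
  return errors;
}

// Handle a raw request body as it arrives off the wire. Never throws:
// bad input becomes a 4xx response instead of an unhandled exception.
function handleSearch(rawBody, search = (q, page) => []) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400, body: { errors: ["malformed JSON"] } };
  }
  const errors = validateSearch(body);
  if (errors.length > 0) return { status: 422, body: { errors } };
  try {
    return { status: 200, body: { results: search(body.q.trim(), body.page ?? 1) } };
  } catch {
    // Do not leak internals to the caller; log the cause server-side.
    return { status: 500, body: { errors: ["internal error"] } };
  }
}
```

The frontend can keep its own checks for user experience; this handler gives the same answer whether the request came from the form or from a tool hitting the API directly.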