Archive for the ‘Programming’ tag
Don’t put JavaScript validation, I’ll Firebug!
Recently, I was with my friend, trying to book a cab. The cab service provided an online booking facility that lets you enter some details (phone number, address, destination, time of the cab, etc.). We went ahead and tried to book the cab, but it wasn’t accepting the request. It seemed that they had put in a validation to check that a user cannot book a cab less than 4 hours prior to departure.
Unfortunately, we wanted to book the cab on 3 hours’ notice, and it was mandatory for us to book the cab. We couldn’t resist and started looking at the options at hand. We pulled up the website in Firefox and opened Firebug to see where the validation was executed. We were surprised that the validation was done in the browser using very simple JavaScript. We thought: let’s see if we could get past the 4-hour validation by bypassing it or maybe mocking the action. The validation code was very simple; we just put a breakpoint in the function and then set the variable’s value via Firebug to an acceptable level. Bang! The code ran successfully and the cab service accepted the request.
We made a successful cab reservation and my friend could take a peaceful ride back home! Moral of the story: please put all business-critical validations on the server side instead of in browser-based JavaScript. If you really want to do some browser-based validation, then it would be a really good idea to obfuscate the code.
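The moral above, as an added example that is not part of the original post or the cab service's code: the 4-hour rule is enforced on the server against the server's clock, so a variable changed in the browser debugger cannot alter the outcome. The field names (`pickupTime`, `phone`, `clientValidated`), the status codes and the function names are assumptions.

```javascript
// Added example. Field names, status codes and function names are assumptions,
// not the cab service's real API.
const MIN_LEAD_MS = 4 * 60 * 60 * 1000; // the 4-hour rule described in the post
const ISO_WITH_OFFSET = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;

// Validate a parsed booking using the server's clock, never a client-supplied one.
function validateBooking(body, now) {
  const errors = [];
  const raw = body.pickupTime;
  const pickup = typeof raw === "string" && ISO_WITH_OFFSET.test(raw) ? Date.parse(raw) : NaN;
  if (Number.isNaN(pickup)) {
    errors.push("pickupTime must be an ISO 8601 timestamp with a UTC offset");
  } else if (pickup - now < MIN_LEAD_MS) {
    errors.push("pickup must be at least 4 hours after the time of booking");
  }
  if (typeof body.phone !== "string" || !/^\+?\d{7,15}$/.test(body.phone)) {
    errors.push("phone must be 7 to 15 digits");
  }
  return errors;
}

// Framework-independent handler: takes the raw request body, returns status and errors.
function handleBookingRequest(rawJson, now = Date.now()) {
  let body;
  try {
    body = JSON.parse(rawJson);
  } catch (e) {
    return { status: 400, errors: ["body is not valid JSON"] };
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { status: 400, errors: ["body must be a JSON object"] };
  }
  // Fields such as "clientValidated" are never read, so setting them in the
  // browser (as a debugger can) has no effect on the decision.
  const errors = validateBooking(body, now);
  return errors.length ? { status: 422, errors } : { status: 201, errors: [] };
}

// Constructed sample: booking made at 12:00 UTC for a pickup 3 hours later,
// with a client-side flag claiming the check already passed.
const sampleNow = Date.parse("2024-05-01T12:00:00Z");
const tampered = JSON.stringify({
  pickupTime: "2024-05-01T15:00:00Z", phone: "+15550100000", clientValidated: true,
});
console.log(handleBookingRequest(tampered, sampleNow)); // status 422
```

The browser-side check can stay for user convenience; the server's answer is the one that decides whether the booking is created.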
Java: static and transient keywords
I came across the transient keyword and wanted to get a few more details about it. This is one of the keywords I have most ignored or rarely used. It is really funny, but I never really used this keyword extensively. The main reason is that this keyword has a very specific use, and most applications don't need it for building business applications. As per info here, when an object's state is serialized, static and transient variables are ignored for serialization. Still, the Java compiler doesn't give any warning or prohibit making a variable static and transient at the same time. I don't think this is an error, but a warning would make more sense in this case.

