Mandatory field rule should be on the backend or frontend?


Viewed 775 times

6

I’m building an application where the backend is an API and the frontend is Angular2.

In the user registration I do a validation in the API, and if a required field is not filled in, the API returns an error indicating which field is required.

My question is whether, in Angular2, I should make this rule mandatory too, or whether I can use the API and simply display what the API returns.

'Cause it doesn’t make much sense for me to have two places with the same rule.

  • 2

    Regarding the phrase "'Cause it doesn’t make much sense for me to have two places with the same rule": it does make sense, to be sure of all the problems that can occur in validation. Do the primary check in Angular, then repeat it in your programming language, because it makes a lot of sense to have front-end and back-end security in such systems. Of course it can be done in the back end (which, in my opinion, is mandatory), but doing it in the front end as well is a way to send the information already well formatted and correct to the server side. In the projects I have participated in, both are always done.

1 answer

7


You are on the right track, since the validation takes place on the server. And there’s nothing wrong with leaving it only there. The only mistake would be leaving it only in the client.

The user experience can suffer if you wait for the data to be submitted to analyze if something is wrong. At a minimum you should use the power of Angular to at least do checks as the data is being entered or manipulated in the frontend. This is already a huge gain. So having an API that allows point validation and using it is already an advantage.

But let’s face it, calling the server on every input can be an exaggeration. Putting validations in the client itself can be a simplification and takes a little load off the server. It also eliminates the chance of failures at that moment, which could prevent the user from continuing until the fault is corrected (the network may have had a momentary problem). The experience tends to get even better.

Of course, some validations cannot be done on the client side; they need to access the database or even do something that should be privileged. There is no guarantee of privileges in the frontend; anyone can cheat there.

Some people even cache the database in the client, maybe using IndexedDB or something similar, to prevent the client from making unnecessary requests to the server. Of course you have to analyze whether this is the case: whether you will use it frequently, whether there is no problem with putting this data on the client, whether the volume compensates, etc. To tell the truth, almost whenever it pays to do this, it was probably a mistake to use web technology.

So it makes quite a lot of sense to do it in the client as well, even if it duplicates effort.

  • So in theory, in a system with "double validation" (a front-end and a back-end validation), the average user would never see a server validation message, just the JS one, unless he can bypass the front-end "security" and remove a required, for example, right?

  • I have no idea what you’re talking about, to me all this statement makes no sense.

    • Empty field check on backend. - Empty field check on frontend. - Common user does empty field check. - You will see an empty frontend field alert. - Unless you can bypass the frontend, the average User will never see an alert from the backend. Right?
  • It depends on how the application is made, it can be like this.
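
One way to keep the rule in a single place while the server still enforces it, as an added example that is not code from the question or the answer: a shared rule table and a pure validator that both the Angular form and the API handler can call. The field names, length limits and the 422 response shape are assumptions.

```typescript
// Added example. Field names, limits and the 422 response shape are assumptions.
type FieldErrors = Record<string, string>;

interface Rule { field: string; required: boolean; maxLength: number; }

// One rule table, importable by both the Angular form and the API handler.
const REGISTRATION_RULES: Rule[] = [
  { field: "name", required: true, maxLength: 100 },
  { field: "email", required: true, maxLength: 254 },
  { field: "password", required: true, maxLength: 128 },
  { field: "nickname", required: false, maxLength: 30 },
];

// Pure function, so the browser can call it for instant feedback and the API
// can call it as the authoritative check. It takes `unknown` because the
// server cannot assume the body was produced by the real form.
function validateRegistration(body: unknown): FieldErrors {
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return { _body: "must be a JSON object" };
  }
  const input = body as Record<string, unknown>;
  const errors: FieldErrors = {};
  for (const rule of REGISTRATION_RULES) {
    const value = input[rule.field];
    if (value === undefined || value === null) {
      if (rule.required) errors[rule.field] = "required";
    } else if (typeof value !== "string") {
      errors[rule.field] = "must be a string";
    } else if (rule.required && value.trim() === "") {
      errors[rule.field] = "required"; // whitespace-only counts as empty
    } else if (value.length > rule.maxLength) {
      errors[rule.field] = "max " + rule.maxLength + " characters";
    }
  }
  return errors;
}

// API side: what the Angular client receives and can display per field.
function handleRegister(body: unknown): { status: number; errors: FieldErrors } {
  const errors = validateRegistration(body);
  const ok = Object.keys(errors).length === 0;
  return { status: ok ? 201 : 422, errors };
}

// Constructed request that skips the form: blank name, array email, no password.
const bypassed = handleRegister({ name: "   ", email: ["a@example.test"] });
console.log(bypassed.status, bypassed.errors);
```

Checks that need the database, such as whether the e-mail is already registered, stay in the API handler only.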
