Shannon Horn is the co-founder and chief software architect of Web Geniuses Corporation ( Hence, many times validation was not performed in a uniform manner, complex validation was difficult to implement, and Web servers were vulnerable to validation scripts being modified by malicious users.He is a Microsoft Certified Application Developer (MCAD), Microsoft Certified Solution Developer (MCSD) and a Microsoft Certified Trainer (MCT) who has been developing Microsoft Windows and Web-based solutions as well as training for over 12 years. Shannon lives in Glendale, AZ, and is married with two daughters and a son. Validating the information entered by users is an essential part of developing a professional Web-based user interface.He has been a featured speaker at many industry events including Microsoft Dev Days and the ASP. Shannon speaks and trains for companies such as App Dev ( and Learn It ( and has been a featured speaker in training videos with Learn Key. Data validation over the Web is performed in one of two locations: on the user's computer, or on the Web server.NET and Web Services Solutions conference produced by PRO. He has also worked with large corporate clients including Microsoft, Universal Studios, MGM Studios, Monster.com/Flip Dog.com, Intel, Polygram Pictures, Prudential, Micro Accounting Systems, Sky Harbor International Airport, and Southern Automated Systems on projects using Microsoft technologies such as Visual Fox Pro, Visual Studio. Most applications perform their data validation on the user's local computer.He is a published author on several subjects including XML, the migration from Visual Basic 6 to VB. In this scenario, if an error occurs while performing validation on the user's computer, the application can directly display the error message on the page that the user is viewing without the page making a round trip to the Web server and then back to the user.
Since only Microsoft Internet Explorer supports VBScript, you'll probably choose Java Script as your primary scripting language to use on a user's computer.
In addition, malicious users can subvert the validation process.
Users with harmful intent may easily modify the validation script because it is contained in the source of the page that is sent to the user's computer.
The malicious user can then submit the modified script to the Web server with results that are different than what you, the developer, intended.
The alternative to processing data validation on the user's computer is to process it on the Web server.
The opposite pros and cons that applied to processing data validation on the user's computer apply to processing data validation on the Web server.