Insider Article
-
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
-
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
Yepp... Security is more important than "pseudo perfomance optimization"... You can cover perfomance costs by adding some not really expecive hardvare but in case of real problems with security you will need to spend lot more money...
------------------------------------------------------------ Want to be happy - do what you like!
-
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
Yup. Bad tip. Just don't do it, kids!
regards, Paul Watson Ireland & South Africa
Shog9 wrote:
And with that, Paul closed his browser, sipped his herbal tea, fixed the flower in his hair, and smiled brightly at the multitude of cute, furry animals flocking around the grassy hillside where he sat coding Ruby on his Mac...
-
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
It's incompetent advice. Client side validations aren't reliable, their only point is saving the user the time it takes to make the trip to the server to validate and displaying the page with the errors. If javascript is disabled or blocked, bye-bye "validations". Not validating on the server is a newbie mistake that invites all sort of exploits and errors.
-
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
Oh that's right. Just validate on the client side. But wait. Who's that? Cross Site Scripting Man, coming to inject malicious values into your database because you switched the server side validation off.
Deja View - the feeling that you've seen this post before.
-
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
clickety![^] It could be good advice, but badly worded. Correct would be something like: Try to catch invalid input on client side, so you can avoid (expensive) postback and server side validation, when you already know it's invalid. (But always have server side validation in place.)
[My Blog]
"Visual studio desperately needs some performance improvements. It is sometimes almost as slow as eclipse." - RĂ¼diger Klaehn
"Real men use mspaint for writing code and notepad for designing graphics." - Anna-Jayne Metcalfe -
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
-
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
That's a bad article just about all around. 1. Test your applications performance. 2. Understand what the expected peak load for you application will be in requests/sec. 3. If you need your page to perform the difference between fast enough and appears instantaneous on your development system can be huge. Anything under a couple of hundred milliseconds appears instantaneous, but you might need to get it down to 20 Follow those 3 rules and optimize performance where you need to, and write for maintainability in all other cases.
This blanket smells like ham
-
That's a bad article just about all around. 1. Test your applications performance. 2. Understand what the expected peak load for you application will be in requests/sec. 3. If you need your page to perform the difference between fast enough and appears instantaneous on your development system can be huge. Anything under a couple of hundred milliseconds appears instantaneous, but you might need to get it down to 20 Follow those 3 rules and optimize performance where you need to, and write for maintainability in all other cases.
This blanket smells like ham
5
Andy Brummer wrote:
That's a bad article just about all around.
Well, duh. It's on "Software Development in the Real World". Ya know how real world software development[^] sometimes is :) ps.: you know you are paranoid when you hit ctrl+s after finishing sentence in the freaking browser text area :wtf::-O
[My Blog]
"Visual studio desperately needs some performance improvements. It is sometimes almost as slow as eclipse." - RĂ¼diger Klaehn
"Real men use mspaint for writing code and notepad for designing graphics." - Anna-Jayne Metcalfe -
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
Wow, this is really stupid.
----- If atheism is a religion, then not collecting stamps is a hobby. -- Unknown God is the only being who, to rule, does not need to exist. -- Charles Baudelaire
-
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
Requires use of the other security validation methods built into the .NET framework. After a certain point there is not much you can do. Declarative security and good object orientation can remove a lot of the security risk. Having been at a lot of ASP.NET shops I can say that most likely with the code you have been exposed to it is a massive risk. However, performance and maintainability both come from proper planning.
Need a C# Consultant? I'm available.
Happiness in intelligent people is the rarest thing I know. -- Ernest Hemingway -
Hey Just reading an article from the insider letter about how to improve ASP.NET performance and it quotes this: Avoid Server-Side Validation Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth. (link to the full article http://www.realsoftwaredevelopment.com/2007/08/20-tips-to-impr.html) Ok this will improve performance but surely the cost of a performance hit is worth the security. Does any one else think this is a daft trade or is it only me? Dan
Two-tier validation, again? On the server side, protect the server. Developer-focused diagnostics are more important here than user friendly error messages. On the client, help the user enter valid data. This often requires more detailed analysis of the input, and must be tailored to the front end.
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
My first real C# project | Linkify!|FoldWithUs! | sighist