About the bug? of the front-end style disabled
in the form, if input is set to disabled, then the value cannot be entered, but by modifying the css style through the browser console and removing the disabled decoration, you can enter and submit the form, that is to say, there is no limit to the front-end code on the server side? It"s the same with Button, although permission issues can be restricted at the back end, but isn"t the front-end restriction useless for developers?
this is just a small question for me, and I don"t hesitate to give you advice.
CSS cannot control the disabled
attribute. You must have made a mistake, for example, you just removed the disabled
style.
the server side cannot restrict the front end and can only validate the submitted information.
all restrictions can be broken, but the costs and benefits vary.
double verification is necessary, and the rules of the client are more like reminders. In addition to the verification function, it also provides a good interactive experience and early error reminder. The verification done by the server ensures the strict correctness of the data
the front-end verification is fake, and those who understand the front-end can skip it, and mainly rely on the interface to ensure data security.
is generally controlled by three layers:
1, CSS, shows users the effect
2, and js, frontend intercept. With this step, even if the first step fails, it can also play a role, such as
3, back-end interception, the real security precautions are here.
the one who can bypass the first two steps is no longer an ordinary user. It is clear that he is going to attack you. The front end really cannot do anything.