(13)Always perform validation on the server as well
招数13:
总是在服务器端执行验证
This isn’t exactly a performance tip but rather a security tip for when people think that they could improve performance by cutting out server-side validation. These days, client-side validation can be bypassed with ease, so you can’t trust what comes from the browser. So if you think you can save some processing cycles and bypass these steps, don’t, as you’re actually opening massive security holes.
当人们认为可以通过砍掉服务器端验证提升性能的时候,这不是一个性能技巧而是一个安全提示。目前,可以轻松绕过客户端验证,所以你不能相信来自浏览器的验证。所以如果你认为绕开这些步骤来减少处理回环,不,你其实是开了巨大的安全漏洞。