过滤器用于检查用户输入的输入是否遵循可接受的标准。过滤器可在浏览器(客户端过滤)或服务器(服务器端过滤)中使用,以验证用户在Web应用程序中提供的输入。
1.服务器端过滤器:
这些是服务器中存在的筛选器检查的类型。当用户键入输入时,该输入将转发到服务器以进行验证。如果用户输入的数据有效,则接受输入,否则将根据输入引发错误。
2.客户端过滤器:
这些是浏览器本身中存在的过滤器检查类型。当用户键入输入时,输入将由客户端过滤器进行验证。如果用户输入的数据有效,则接受输入,否则将根据用户键入的错误输入引发错误。
客户端过滤器和服务器端过滤器在网络安全方面的区别:
CLIENT SIDE FILTERS | SERVER SIDE FILTERS |
---|---|
The filters are present in client side or browser side. | The filters are present in server side. |
Client side filters are easy to bypass or tamper. | Server side filters are difficult to tamper or bypass. |
No load to the server as the browser is performing the input validation checks. | Server recourses are used as the input validation checks are performed in the server itself. |
Code is written using client side languages like html, java. | Code is written using server side languages like php, c#. |
Input is first validated by browser and is then forwarded to the server. | Input is forwarded to the server as it is (without the intervention of browsers). |
Don’t provide much security to data’s. | Provide better security to data’s. |
Response from client side filters are faster since they reside in the user’s browser itself. | Response from server side filters are slower since filter checks are present in server and they are sent back to user’s browser. |