Why validating data at backend is most important?
Hi! Today I am going to share with you why validating data posted by user is most important at the backend even if you validate it at the frontend and why frontend validation is not so important while considering the security of your system.
Basically, the frontend is just the UI and it’s for user satisfaction and it allows a valid user to submit forms with ease and it’s a part of the UI and UX of your software so yeah it’s a good practice that you validate everything at frontend and show helpful messages to user when he/she is trying to send invalid data to the backend.
But some developers are not aware of the security consequences and think that if data is validated at the frontend, they don’t need to validate the coming request from frontend at the server side. They think their backend will be only accessed from their frontend web or mobile app or any other frontend platform.
Hackers know a variety of ways to hack your system and they can directly access your server
Even if your backend uses CORS middleware and only allow requests from one or more whitelisted domains where your frontend code is served, they can edit your frontend code in the browser and send requests to the backend by removing your validation checks at the frontend. Read it again, your frontend code can be manipulated because it’s served to the user client if it’s a browser or a mobile app. Now some may think that their code is compiled and bundled yet it’s not very hard for Professional Hackers to find that bunch of code where they can remove all validation checks or they can also only use your domain and send requests from that domain so only using CORS middleware at the backend won’t help to secure and protect your system from hackers.
Try to create your database models considering all the use cases and do not consider that user will ONLY give certain type of input. Also use some validators for example to check user has provided valid email, credit/debit card number and other info before sending it to your database or third party api’s.
Then comes the testing part. Having a team of UX/UI testers to test your system will help to notice any security faults your system may have before pushing your software to production and it will also help to grow your product without facing the security faults that may greatly affect your software user base and it’s potential to succeed.
Thanks for reading, if you have any questions/queries feel free to ask in the comments