I’m involved in a large-scale cloud project as part of a team that oversees various table views. Each table features its unique add/edit forms, and some fields can be set to read-only depending on the user’s permissions. We currently make a request to the server, which sends back information on access rights. Using this data, we adjust the validation rules for form fields (like making certain fields read-only or mandatory). I’m curious whether this method is secure. Can we safely depend on client-side validation being modified by the server response, or is there a better way to manage access permissions and validation for forms? Our technology stack includes Spring Boot for the backend, Angular for the frontend, and PostgreSQL for our database.
Hey! It’s kinda tricky to solely rely on client-side validation. It’s good for user experience but not foolproof cuz users can tamper with client code. It’s better to enforce validation also server-side, ensuring robust security. But yeah, dynamic form handling makes the user experience smoother, just be cautious about security.