15 Apr
2014
15 Apr
'14
4:41 a.m.
Dear Octavian and Warren, thank you for your comments. I am sorry if my formulation was unclear. I certainly do need to do server side validation since - as you point out - an attacker might circumvent the user interface. Since the validation is rather complex I don't want to duplicate (all of) it on the client side. Still I would like to give the user as good an experience as possible. Cheers, Lutz