Server side validation

HCL Leap Leap Forum
,
1

Hi,

is there a way to validate data submitted from a Volt application on server side before saving the document in Notes database and return error message to user?

Client side validation created in Volt can be bypassed so I need a way to make additional checks.

Two examples:

- My application is calculating price based on checkbox selection. This is done with onChange event on every checkbox which updates the price number field (the price field is disabled). What if someone tries to set manually the price number field with window.NitroApplication object and submit the form? I want to check the correct price based on checkbox selection on server side and raise an error when it's not equal to the price submitted by user.

- I'm using a service calls to validate captcha and return a boolean value when it's valid. The boolean is assigned to a hidden input field and checked if it's true before submitting on client side. Somebody might want to bypass this check and set the hidden input manually so I want to check if captcha validation was successful also on server side.

Regards,

Pawel Krasuski

2

I think you would need to create a Domino agent to run on submission to validate each doc as it comes in.
How you could tell if the doc has been "tampered with" prior to submission would be something you could work out based on the prices returned and the prices submitted.
If the agent fails then you could flag that document as being invalid or "needs review" before it gets processed.

3

In the Google reCaptcha example in the showcase, there are two things happening.

  1. Clicking the checkbox sends a site key request to Google
  2. Google sends an encrypted token back to the client based on the site key
  3. Then a service call fires to send the token back along with the Private key for that site
  4. Google verifies that token and the private key and then returns the boolean

There is no way to check this on the server side as it's a client-side transaction. Google does not provide any API for server-side validation that I've seen.

If you find one, then you'd need to fire that again with a Domino agent on doc submission.

4

Tim, any new advancements as it relates to reCAPTCHA support in LEAP over the past 3 years, since your last post in this thread?