Thanks! (And I always appreciate that there are multiple opinions on any topic).
Doug

I realise that you’re using Wordpress to blog your thoughts onto the internet, but perhaps ensuring that you practice what you preach isn’t such a bad idea either.

Good post, by the way, even if I don’t necessarily agree with all you’ve written.

However, I also agree with Nicolas about using Server Side logic in conjunction with AJAX.

You provided a brilliant example of how validation can mislead users and, worse, drive them away from our site:

Geek Wisdom’s password strength validation from considers tZhKwnUmIss to be a weak password. Not only is this a perfectly strong password but it will also alienate users because it gives them the false impression that logging into your site using this password will be somehow insecure.

It would be much better (and easier) to simply hint users that a good password is at least six characters long and should contain both numbers and letters.

Other questionable validations include user names that need a certain minimum length or may not contain spaces. What’s wrong with the usernames X, john doe, or even #*!§? I can handle that.

For most things I work on I find it takes about 50% of the time to get something working, under normal conditions and if users use the system the way I intended. The other 50% of the development time comes from checking their input, ensuring data integrity is maintained, and making the form fields not allow malicious data to be entered.

I wrote a post on how I use InputVerifiers in my hava swing apps, and show how I verify an email text field. The regular expression I use is easily modifiable to validate phone numbers, zipcodes, SSNs, etc.

My blog post is at http://timarcher.com/?q=node/36

Good writeup Doug!