Home/ Questions/Q 520163
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T08:06:59+00:00

(i am a software tester, not a software developer. i am testing a software

  • 0

(i am a software tester, not a software developer. i am testing a software developer’s webportal (tomcat) / database (mysql) software)

In the client webbroswer, I have to have cookies enabled (default) and javascript enabled (default) in order to log-in. I am using FF3.5.5.

Once successfully logged in, I then disable the javascript setting on the webbrowser.

I am logged into the webportal in order to tail the log — in order to monitor for exceptions. I am also logged into the database (mysql) — in order to see any changes in the database.

pwd
/usr/local/tomcat/logs

The webportal provides to the user, four “add/edit form pages” that the user can navigate into and enter data into and then click on the submit button (to write to the database)… AND each of these four “add/edit form pages” are designed with “client side javascript field checking” — to make sure that the user fills out the ‘required’ fields (Note: In this case, I am only interested in the case where there is error checking upon clicking on the submit button).

Two of the four “add/edit form pages” do not display when navigated to. I would say that this is a pass — SINCE javascript is disabled on the client.

  • Though, there is no message “bubbled up to the user” explaining why the webportal has choosen not to display the “add/edit form” to the user (fail).

The other two allow me to navigate into them. I would say that this is a fail.

  • One of these “add form pages” — that I am able to navigate to, allows me to then “submit” the form (with all of the required fields intentionally left in the null state — upon submit) (fail). This then causes the webportal to throw an exception (fail). The database table is not changed (pass).

  • One of these “add form pages” — that I am able to navigate to, allows me to then “submit” the form (with all of the required fields intentionally left in the null state — upon submit) (fail). This then does NOT cause the webportal to throw an exception (pass). The user is able to write the info to the database table (if it was the first submission using this form for the account) (fail).

I believe that my assessments of the passes and fails above are correct.

I am curious to know what the proposed fix would be in actual code.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    it looks to me like the portal is lacking server-side validation and relies on javascript for validating. This is a major security flaw and should be fixed. So i guess the following should pass with javascript turned off

    • user is able to view the form
    • user is able to submit the form with valid data
    • user is able to submit invalid data and gets an exception (or better, a friendly message) from the server
    • 0