Which of the following is true about input validation in a client-server architecture, when data integrity is critical
to the organization?

A.
It should be enforced on the client side only.

B.
It must be protected by SSL encryption.

C.
It must rely on the user’s knowledge of the application.

D.
It should be performed on the server side.

Explanation:
Client-side validation should only be used to improve user experience, never for security purposes. A client-sideinput validation check can improve application performance by catching malformed input on the client and,
therefore, saving a roundtrip to the server. However, client side validation can be easily bypassed and should
never be used for security purposes. Always use server-side validation to protect your application from
malicious attacks.