Which one of the following is a threat related to the use of web-based client side input validation?
A.
Users would be able to alter the input after validation has occurred
B.
The web server would not be able to validate the input after transmission
C.
The client system could receive invalid input from the web server
D.
The web server would not be able to receive invalid input from the client
Explanation:
I’m not sure why B is wrong.
Regarding answer A: the issue with client-side input validation is that the user the user can completely bypass input validation (disable Javascript, directly forge the HTTP request, etc., ie. no validation occur at all). While it is indeed possible for the client to intercept and alter the HTTP request after validation, this is just one method amongst others, making this answer incomplete.
Regarding answer B: if a service rely only on client-side validation, the issue is that the server will have no choice than trust the data received from the client, it will effectively be unable to validate the input after transmission.
0
0
B seems wrong because the server doesn’t validate after transmission. Also, A is a clearer threat.
0
0