Which of the following is true about input validation in a client-server architecture, when data
integrity is critical to the organization?
A.
It should be enforced on the client side only.
B.
It must be protected by SSL encryption.
C.
It must rely on the user’s knowledge of the application.
D.
It should be performed on the server side.
Explanation:
Client-side validation should only be used to improve user experience, never for security
purposes. A client-side input validation check can improve application performance by catching
malformed input on the client and, therefore, saving a roundtrip to the server. However, client side
validation can be easily bypassed and should never be used for security purposes. Always use
server-side validation to protect your application from malicious attacks.