Which of the following is true about input validation in a client-server architecture, when data
integrity is critical to the organization?
A.
It should be enforced on the client side only.
B.
It must be protected by SSL encryption.
C.
It must rely on the user’s knowledge of the application.
D.
It should be performed on the server side.
Why server side? Because the client shouldn’t be allowed to know what characters are allowed or not. Exposing that much gives the baddies that much more information that can be used against the server. Keep them in the dark.
When the integrity data in important, it’s best to validation on the server side. If you do it on the client side and say.. you use javascript or some other scripting languages to do it; the client/user can easily disable javascript and such and will make it invalid. Server side is always safer because once the input data is received by the server, that data can be validated on the server before further processing takes place.
When the integrity data in important, it’s best to validation on the server side. If you do it on the client side and say.. you use javascript or some other scripting languages to do it; the client/user can easily disable javascript and such and will make it invalid. Server side is always safer because once the input data is received by the server, that data can be validated on the server before further processing takes place.