Do Not Rely on Client-side Validation
- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher
Do not rely on client-side validation because it can be easily bypassed. While you may have control over the source code for the clients that call your service, clients can be reverse engineered or built from scratch to attack your service. Use client-side validation to reduce round trips to the server and to improve the user experience, but always use validation in the service itself to perform security checks.
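A sketch of the service-side checks this guideline calls for, added here as an example and not taken from the original guidance. The transfer operation, its field names and its limits are assumptions chosen for illustration; the service re-checks every field on every request, whether or not the official client already did.

```python
import re

# Hypothetical message contract for an assumed "transfer" operation.
ACCOUNT_RE = re.compile(r"[A-Z]{2}[0-9]{8}")
MAX_AMOUNT_CENTS = 1_000_000
ALLOWED_FIELDS = {"account", "amount_cents", "memo"}

class ValidationError(ValueError):
    """Raised when a request violates the service's input contract."""

def validate_transfer(msg):
    """Service-side check: runs on every request, whatever client sent it."""
    if not isinstance(msg, dict):
        raise ValidationError("request must be an object")
    extra = set(msg) - ALLOWED_FIELDS
    if extra:
        raise ValidationError("unexpected fields: %s" % sorted(map(str, extra)))
    account = msg.get("account")
    if not isinstance(account, str) or not ACCOUNT_RE.fullmatch(account):
        raise ValidationError("account must match AA00000000")
    amount = msg.get("amount_cents")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(amount, bool) or not isinstance(amount, int):
        raise ValidationError("amount_cents must be an integer")
    if not 0 < amount <= MAX_AMOUNT_CENTS:
        raise ValidationError("amount_cents out of range")
    memo = msg.get("memo", "")
    if not isinstance(memo, str) or len(memo) > 140:
        raise ValidationError("memo must be a string of at most 140 chars")
    return {"account": account, "amount_cents": amount, "memo": memo}

def handle_transfer(msg):
    """Service entry point: validate first, then act on the cleaned values only."""
    try:
        clean = validate_transfer(msg)
    except ValidationError as exc:
        return {"status": 400, "error": str(exc)}
    return {"status": 200, "accepted": clean}

if __name__ == "__main__":
    # Constructed requests: the first passed the official client's checks,
    # the others came from a client that performs no checks at all.
    for req in (
        {"account": "AB12345678", "amount_cents": 2500, "memo": "rent"},
        {"account": "AB12345678", "amount_cents": -2500},
        {"account": "AB12345678", "amount_cents": 100, "is_admin": True},
    ):
        print(handle_transfer(req))
```

The client can run the same rules to give early feedback, but only the result of `validate_transfer` in the service decides whether the request is processed.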