Client: is the application making the request to the server. This can be a web app, a mobile app, a script, or a tool like Postman.
The server cannot trust data from the client, but if you only do validation on the client side, in your web app, then your server is trusting client data.
For me the message you are passing is that once you validate the data the user inputs on the client side, then the server doesn't necessarily need to check it again, and this is why I said that is a suicide.
It's interesting that you thought that, because the next paragraph goes on to say that you should use server side validation. And the paragraph after that talks about database side validation.
I may have to revise my statement so that it's clear that you should use all three.
Exactly this.
NEVER trust data from the client.