SY0-301 · Question #876
Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?
The correct answer is D. It should be performed on the server side.. Server-side input validation is authoritative and cannot be bypassed by an attacker. Client-side validation (A) is easily circumvented - an attacker can intercept and modify requests before they reach the server using tools like Burp Suite, making client-only validation ineffecti
Question
Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?
Options
- AIt should be enforced on the client side only.
- BIt must be protected by SSL encryption.
- CIt must rely on the user's knowledge of the application.
- DIt should be performed on the server side.
How the community answered
(38 responses)- A13% (5)
- B3% (1)
- C5% (2)
- D79% (30)
Explanation
Server-side input validation is authoritative and cannot be bypassed by an attacker. Client-side validation (A) is easily circumvented - an attacker can intercept and modify requests before they reach the server using tools like Burp Suite, making client-only validation ineffective for data integrity. SSL (B) protects data in transit but does nothing to validate the content of that data. Relying on the user's knowledge (C) is not a technical security control at all. When data integrity is critical, the server must always validate inputs independently of what the client reports.
Topics
Community Discussion
No community discussion yet for this question.