Do not rely on client-side validation
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
Do not rely on client-side validation because it can be easily bypassed. While you may have control over the source code for the clients that call your service, clients can be reverse engineered or built from scratch to attack your service. Use client-side
validation to reduce round trips to the server and to improve the user experience, but always use validation in the service itself to perform security checks.