CompTIA Security+ (SY0-501) — Question 950

When designing a web based client server application with single application server and database cluster backend, input validation should be performed:

Answer options

• A. On the client
• B. Using database stored procedures
• C. On the application server
• D. Using HTTPS

Correct answer: C

Explanation

Input validation should be performed on the application server to ensure that all data is verified before processing, thus preventing potential attacks. While client-side validation can enhance user experience, it can be bypassed, making it unreliable. Database stored procedures and HTTPS serve different purposes; stored procedures manage data operations and HTTPS secures data transmission, but neither handles input validation effectively.