  1. My server sends some data to the mobile app.
  2. The user does some operations with that data and sends other objects back to the server, which contain the data that the server first sent (PS: of course those objects are created by the mobile app through user interaction).

Before the server persists the mobile app's data, should I validate whether the server data inside it is consistent? Because if it's not, it will cause an exception.

But if you know it will cause an exception, why don't you avoid it?

Because I'm relying on:

  1. The mobile app working 100% and sending consistent data
  2. Authentication between requests, so it's not forged
  3. Extra overhead checking something that normally would be OK, unless someone hacks it

Edson Horacio Junior

1 Answer

Yes, you should validate and sanitize all inputs on the server side. Authentication doesn't help with integrity. If I am an attacker, I can make HTTP requests using curl, bypassing any security control you may have in your app.

gauravphoenix
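One way to put the answer into practice, as an added example that is not part of the question or the answer above: the server treats the echoed copy of its own data as untrusted input. It first checks the client-owned fields structurally, then verifies an HMAC tag it issued alongside the data (catches tampering without a database lookup), and finally compares the echo against the canonical record (catches stale or replaced data). The record store, the signing key, the payload shape and the field names are all constructed for this example.

```python
import hmac
import hashlib
import json

# Constructed canonical store; stands in for the server's database.
SERVER_RECORDS = {
    "order-1001": {"order_id": "order-1001", "price_cents": 1999, "currency": "EUR"},
}

# Hypothetical server-side secret; in practice loaded from a secret store, never shipped to the app.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


class ValidationError(ValueError):
    """Raised for any submission the server refuses to persist."""


def canonical_json(obj: dict) -> bytes:
    # Deterministic encoding so identical data always signs and compares identically.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_server_data(data: dict) -> str:
    """Tag the data the server hands out so an echoed copy can be checked statelessly."""
    return hmac.new(SIGNING_KEY, canonical_json(data), hashlib.sha256).hexdigest()


def validate_submission(payload: dict) -> dict:
    """Validate a mobile submission before persisting it.

    Constructed payload shape:
      {"order": {...server-issued record...}, "order_tag": "<hex hmac>", "quantity": int}
    Returns the sanitized record to persist, or raises ValidationError.
    """
    if not isinstance(payload, dict):
        raise ValidationError("payload must be an object")

    # Client-owned field: type and range checks; bool is excluded because it subclasses int.
    quantity = payload.get("quantity")
    if not isinstance(quantity, int) or isinstance(quantity, bool) or not 1 <= quantity <= 100:
        raise ValidationError("quantity must be an integer in 1..100")

    # Server-issued data coming back from the client is untrusted input like everything else.
    echoed = payload.get("order")
    if not isinstance(echoed, dict) or not isinstance(echoed.get("order_id"), str):
        raise ValidationError("order must be an object with a string order_id")

    # Check 1 (stateless): the tag issued with the data must verify over the echoed copy.
    tag = payload.get("order_tag")
    if not isinstance(tag, str) or not hmac.compare_digest(tag, sign_server_data(echoed)):
        raise ValidationError("order data does not match the tag the server issued")

    # Check 2 (stateful): the echo must still equal the canonical record for that id.
    canonical = SERVER_RECORDS.get(echoed["order_id"])
    if canonical is None:
        raise ValidationError("unknown order_id")
    if echoed != canonical:
        raise ValidationError("echoed order data diverges from the server's record")

    # Persist only server-derived values plus the validated client field.
    return {
        "order_id": canonical["order_id"],
        "price_cents": canonical["price_cents"],
        "currency": canonical["currency"],
        "quantity": quantity,
    }


def is_valid_submission(payload: dict) -> bool:
    """Convenience wrapper: True if the submission would be accepted."""
    try:
        validate_submission(payload)
        return True
    except ValidationError:
        return False


if __name__ == "__main__":
    issued = SERVER_RECORDS["order-1001"]
    good = {"order": dict(issued), "order_tag": sign_server_data(issued), "quantity": 2}
    tampered = {"order": dict(issued, price_cents=1), "order_tag": sign_server_data(issued), "quantity": 2}
    print("good accepted:", is_valid_submission(good))        # True
    print("tampered accepted:", is_valid_submission(tampered))  # False
```

The tag check is what makes the "it will cause an exception" case disappear: a tampered or malformed echo is rejected with a clear validation error before any persistence code runs, and the values written to storage come from the server's own record rather than from the client's copy.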