java - client side validation doubts

Question

I have read from one of the blog, for security reasons, its suggested to do the input data validation at the server side not the client side.

From the above statement, My mind started to ask then 1) what kind of validation i can do with JS in the client side. 2) Is there any rule where any programmers can decide where the validation needs to be performed, whether at the client side or the Server side?

I am building Java based web application

Answer 1

You can do any kind of validation on the client, but you must never rely on that validation.

For UI purposes it is often a good idea to validate on the client since the response time is faster. But since the user can always turn off client side validation (e.g. by turning off JavaScript), you must never rely on it to actually have been performed and re-validate your input on the server.

In general, if the checks are critical to security, don't do it on a system the user can control.