medium
Single Answer

Isaac is reviewing his organization’s secure coding practices document for customer-facing web applications and wants to ensure that their input validation recommendations are appropriate. Which of the following is not a common best practice for input validation?

Answer Options

A

Ensure validation occurs on a trusted server.

B

Validate all client-supplied data before it is processed.

C

Validate expected data types and ranges.

D

Ensure validation occurs on a trusted client.

Correct Answer: D

Explanation

Isaac knows that trusting client systems to be secure is not a good idea, so ensuring that validation occurs on a trusted client is not an appropriate recommendation. Ensuring that validation occurs on a trusted server, that client data is validated, and that data types and ranges are reasonable are all best practices for him to recommend.