---
title: Ensure Server-Side Validation
impact: HIGH
impactDescription: prevents invalid or malicious data from bypassing client-side checks
tags: security, validation, server-side, active-record
---

## Ensure Server-Side Validation

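Never rely on client-side (JS) validation alone. HTML5 attributes and JavaScript checks run in the browser, so a client can skip them by sending the request directly. Always implement robust validations on the server in your ActiveRecord models.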

**Incorrect (no server validation):**

```ruby
class User < ApplicationRecord
  # No validations! Reliant on HTML5/JS
end
```

**Correct (ActiveRecord validations):**

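```ruby
class User < ApplicationRecord
  # Enforced on every save, whatever the client did or did not check.
  # Back uniqueness with a unique database index as well: the validation
  # alone can be raced by two concurrent requests.
  validates :email, presence: true, uniqueness: true
  validates :age, numericality: { greater_than_or_equal_to: 18 }
end
```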

**Tools:** Rails Validations, Brakeman

---
