Isaac is examining the secure coding practices document for web applications that his organization provides to customers. He wants to verify that their input validation guidelines are suitable. Which of the options below is NOT considered a typical practice for input validation?

Isaac understands that relying on the security of client systems is not advisable. Therefore, suggesting that validation should be performed on a trusted client is not a suitable recommendation. Instead, it is recommended to perform validation on a trusted server, validate client data, and ensure that the data types and ranges are reasonable. These are all good best practices that Isaac can recommend.