To be fair, you can NEVER trust the client in a client-server
architecture. Someone will always find a way to present invalid
data to the server.
You MUST validate in the workstation and revalidate in the server.
That duplication is no excuse for failing to do keystroke validation.
You do it to make life tolerable for your client.
Think how many times you have given up in disgust trying to fill in
some stupid form on the Internet. Think how many technopeasants they
have discouraged. Thin clients are a tool for infuriating and scaring
off customers.
FORMS are so pathetically inept the way they do ZERO validation. Even
a 3270 from the 1970s could do better than that. Even a KEYPUNCH could
do better than that. Further they FORGET values when you retry.
The way to do it properly is to use a thick client to do keystroke
validation, field by field prompting, then send the data off in tidy
form to the server.
The validation does NOT have to be repeated in full. For example a
number sent in binary need only be validated on bounds. There is no
need to recheck for alpha, number of decimal places, total fill etc.
The solution will be a tool that generates consistent code both for
the server and for client from the same set of validation specs.
The other half of the tool will be like a vCard that fills in forms
with the standard bubblegum, with your approval. Think how many
thousand times you have entered your name, address, email address,
snail address into some form, field by field or even keystroke by
keystroke if you don't use Opera.