在客户端验证中，是客户端(网络浏览器)借助客户端语言(例如， JavaScript.在服务器端验证中，是服务器(网络服务器)借助服务器端语言(例如， Java.

In client side validation, it's the client (webbrowser) which validates the input with help of a client side language, e.g. JavaScript. In server side validation, it's the server (webserver) which validates the input with help of a server side language, e.g. Java.

您永远不应仅进行客户端验证，因为最终用户可以控制结果(因此也是可破解/可欺骗的).通常，您希望使用客户端验证，因为它可以提供更快的反馈.最终用户不需要等待表单提交完成，也不需要面对内容闪烁"(页面空白，然后重新显示新内容).您想使用服务器端验证来确保所提交数据的完整性.最终用户绝对无法控制服务器端验证的结果.

You should never do only client side validation, because the result is controllable (and thus also hackable/spoofable) by the enduser. Usually, you'd like to use client side validation because it gives much sooner feedback. The enduser doesn't need to wait for the form submit being completed and doesn't need to face a "flash of content" (page blanks out and then redisplays with new content). You'd like to use server side validation to ensure the integrity of the submitted data. The enduser has in no way control over the outcome of the server side validation.

对于JSF，始终在服务器端进行验证.从JSF 2.0开始，可以使用内置的ajaxical功能提交表单(从而也可以验证表单).它结合了两个方面的优点:具有即时反馈而不会出现内容闪烁，并且具有服务器端验证的鲁棒性/完整性.

In case of JSF, the validation is always server side. Since JSF 2.0 it's possible to submit a form (and thus also validate the form) using builtin ajaxical functionality. This combines the best of the two worlds: having instant feedback without flash of content and the robustness/integrity of the server side validation.