What kind of flow is easy and secured and best performance giving?
isn't it? For web applications, we have to compromise on something or the other..
Interesting to know the context of validation over here. To me I would consider 2 different scenarios
1. Server side validation of Input data (for vulnerabilities or malicious input)
2. Business level validations (what the business requires)
For business validations I would prefer layer in business components to do it but for input validation (for security) I would have it in controller or a separate layer itself (after controller) which would make it easier to un-plug the same easily if we feel it is trash.
Any contradictions to change my perspective or make me think over again are highly appreciated