Editing Client–server model (section)

==Client side==
{{refimprove|section|small=y|date=December 2016}}{{See also|Client-side prediction|Front-end (computing)|Pagination# In web browsers|label 3=Pagination § In web browsers}}

Client-side refers to operations that are performed by the [[Client (computing)|client]] in a [[computer network]].

=== General concepts ===
Typically, a client is a [[computer application]], such as a [[web browser]], that runs on a [[user (computing)|user]]'s local [[computer]], [[smartphone]], or other device, and connects to a [[server (computing)|server]] as necessary.  Operations may be performed client-side because they require access to information or functionality that is available on the client but not on the server, because the user needs to observe the operations or provide input, or because the server lacks the processing power to perform the operations in a timely manner for all of the clients it serves.  Additionally, if operations can be performed by the client, without sending data over the network, they may take less time, use less [[Bandwidth (computing)|bandwidth]], and incur a lesser [[Computer security|security]] risk.

When the server serves data in a commonly used manner, for example according to standard [[Protocol (computing)|protocols]] such as [[HyperText Transfer Protocol|HTTP]] or [[File Transfer Protocol|FTP]], users may have their choice of a number of client programs (e.g. most modern web browsers can request and receive data using both HTTP and FTP).  In the case of more specialized applications, [[programmer]]s may write their own server, client, and [[communications protocol]] which can only be used with one another.

Programs that run on a user's local computer without ever sending or receiving data over a network are not considered clients, and so the operations of such programs would not be termed client-side operations.

=== Computer security ===
In a [[computer security]] context, client-side vulnerabilities or attacks refer to those that occur on the client / user's computer system, rather than on the [[server-side|server side]], or [[Man-in-the-middle attack|in between the two]].  As an example, if a server contained an [[encryption|encrypted]] file or message which could only be decrypted using a [[Key (cryptography)|key]] housed on the user's computer system, a client-side attack would normally be an attacker's only opportunity to gain access to the decrypted contents.  For instance, the attacker might cause [[malware]] to be installed on the client system, allowing the attacker to view the user's screen, record the user's keystrokes, and steal copies of the user's encryption keys, etc.  Alternatively, an attacker might employ [[cross-site scripting]] vulnerabilities to execute malicious code on the client's system without needing to install any permanently resident malware.<ref name=oreilly /><ref name=n3tweb /><ref name=alpinesecurity />

=== Examples ===
[[Distributed computing]] projects such as [[SETI@home]] and the Great Internet Mersenne Prime Search, as well as Internet-dependent applications like [[Google Earth]], rely primarily on client-side operations.  They initiate a connection with the server (either in response to a user query, as with Google Earth, or in an automated fashion, as with SETI@home), and request some data.  The server selects a data set (a [[server-side]] operation) and sends it back to the client.  The client then analyzes the data (a client-side operation), and, when the analysis is complete, displays it to the user (as with Google Earth) and/or transmits the results of calculations back to the server (as with SETI@home).