Re: Automated Form Validation?

From: Matt Mitchell (m_a_t_t_remove_the_underscores_at_metalsponge.net)
Date: 02/27/05


Date: Sun, 27 Feb 2005 15:09:30 GMT


"Chung Leong" <chernyshevsky@hotmail.com> wrote in message
news:wv-dnSztIan-mr3fRVn-gA@comcast.com...

: That's a bit unfair, isn't it? I would, of course, every argument arguing
: against the ideal scenario. Everything would be hunky-dory if everyone
: follows best practice et al. What guarantee can you give that best practice
: was followed, given that, as you said below, people are prone to err? And
: keep in mind that validation has a direct bearing on security. If your
: assertion that everything was coded according to best practice turned out to
: be untrue, then you have all sorts of holes in your application.
:

I was considering this from the standpoint of coding to improve security.
If you are arguing from the viewpoint that "it is necessary to prevent SQL
injection/XSS attacks/etc", then it is natural to assume that you would
validate all user data and check it doesn't contain anything harmful.
Whether you do this by refusing to allow users to edit the site templates,
or by escaping all their data to block them, it is a logically inconsistent
argument to say "my method which checks user data is better than yours,
because yours requires the code to check the user data".

: > But in the vast majority of cases, the validation IS generic. Most computer
: > software, most people, and most businesses handle the same type of data
: > repeatedly; computers are useful because they are good at doing the same
: > task over and over and over again, exactly the same each time. People are
: > very bad at doing this, and that's why it's better to get something right,
: > and then let a computer handle getting it done right the next time.

: If that's true, then the validation rules aren't going to change. So you're
: back to square one.

1 - If the rules *never* change, then it is still more efficient to code the
validation once, and then reference that function/method multiple times
2 - I didn't say that the validation rules never change, I was arguing that
if they *do* change, it is easier, less error-prone, and more efficient to
change them in a single location; additionally this method can lead to much
more readable code.

Matt
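
The two points above (code the validation once and reference it from many places; change a rule in a single location) can be sketched as follows. This is an added example, not code from the thread: the rule names, form layouts and the `set_rule` helper are hypothetical, and Python is used only for illustration.

```python
import re

# Central rule table: every kind of field is defined exactly once.
# All names here are hypothetical, chosen for this added example.
RULES = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "zip": re.compile(r"[0-9]{5}"),
}

# Forms do not contain validation logic; they only name the rule per field.
SIGNUP_FORM = {"user": "username", "mail": "email"}
PROFILE_FORM = {"display_name": "username", "postcode": "zip"}


def set_rule(name, pattern):
    """Change a rule in the single place every form reads it from."""
    RULES[name] = re.compile(pattern)


def validate(form, submitted):
    """Check submitted data against the form's rules.

    Returns (clean, errors). Fields the form does not declare are dropped,
    and missing, non-string or non-matching values are reported as errors,
    so callers only ever see values that passed an allow-list pattern.
    """
    clean, errors = {}, {}
    for field, rule in form.items():
        value = submitted.get(field)
        # fullmatch: the whole value must match, not just a prefix.
        if isinstance(value, str) and RULES[rule].fullmatch(value):
            clean[field] = value
        else:
            errors[field] = "failed rule '%s'" % rule
    return clean, errors


if __name__ == "__main__":
    # Constructed sample submissions.
    print(validate(SIGNUP_FORM, {"user": "Matt_M", "mail": "m@example.net"}))
    print(validate(PROFILE_FORM, {"display_name": "Matt_M", "postcode": "02139"}))
    # One edit to the rule table tightens both forms at once.
    set_rule("username", r"[a-z0-9_]{3,20}")
    print(validate(SIGNUP_FORM, {"user": "Matt_M", "mail": "m@example.net"}))
    print(validate(PROFILE_FORM, {"display_name": "Matt_M", "postcode": "02139"}))
```

Validation of this kind decides which input is accepted; escaping the data for the SQL or HTML context it is later used in remains a separate step.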


