Hi!

> Yasuo (who Dan quoted here) refers to completely invalid input, such as
> invalid UTF-8 byte sequences. I think that in this case the app should
> bail out without even giving detailed information, as such grossly
> invalid input most likely is an attempt to attack (or a severe browser bug).

I personally am not a big fan of "bail out without giving information", unless that information somehow crosses a security boundary (e.g. displaying PHP error messages in production) or reveals unnecessary info (this part is super-tricky in crypto, but outside of crypto common sense is usually not a bad guide).

Assume indeed you have a buggy release of Firefox that produces invalid UTF-8 when your language is set to Hindi (this is almost a true story btw, I've seen a bug not exactly like that but somewhat similar). Now assume you get a message from the user "all our office can not use your application since new version was deployed!" and you walk the user through and it indeed bails out, no additional info. How do you debug that? You don't know Hindi is the culprit. You may not have access to that office's environment. Your users can't help much but scream "get our app working again, we're losing money here!". And of course it works for you when you try it, and the best time to talk to them is 4am on your side.

Now, how much easier would your life be if your app would just report "invalid UTF-8 sequence encountered in parameter FirstName" before bailing out? How many hours, pulled out hairs and 4am sessions would it save? I think it's worth considering.

--
Stas Malyshev
smalys...@gmail.com
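
The approach argued for in the message above, as an added example that is not part of the original post: reject the request, but first record which parameter held the malformed UTF-8 and at what byte offset, keeping that detail in the server-side log so it does not cross a security boundary. The function names, the request-id scheme and the sample input are assumptions made for illustration, and the mbstring extension is assumed to be loaded.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
declare(strict_types=1);

/** Byte offset of the first invalid UTF-8 sequence, or null if $s is valid. */
function firstInvalidUtf8Offset(string $s): ?int
{
    if (mb_check_encoding($s, 'UTF-8')) {
        return null;
    }
    // Possessively match the longest well-formed prefix (byte mode, no /u).
    $wellFormed = '/^(?:[\x00-\x7F]|[\xC2-\xDF][\x80-\xBF]'
        . '|\xE0[\xA0-\xBF][\x80-\xBF]|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'
        . '|\xED[\x80-\x9F][\x80-\xBF]|\xF0[\x90-\xBF][\x80-\xBF]{2}'
        . '|[\xF1-\xF3][\x80-\xBF]{3}|\xF4[\x80-\x8F][\x80-\xBF]{2})*+/';
    preg_match($wellFormed, $s, $m);
    return strlen($m[0] ?? '');
}

/** Walk nested input; return [parameter path => offset] for every bad value. */
function findInvalidUtf8(array $input, string $prefix = ''): array
{
    $bad = [];
    foreach ($input as $key => $value) {
        // Keys are attacker-controlled too: reduce them to safe ASCII before logging.
        $name = preg_replace('/[^\w.-]/', '?', (string) $key);
        $path = $prefix === '' ? $name : "{$prefix}[{$name}]";
        if (is_array($value)) {
            $bad += findInvalidUtf8($value, $path);
        } elseif (is_string($value) && ($off = firstInvalidUtf8Offset($value)) !== null) {
            $bad[$path] = $off;
        }
    }
    return $bad;
}

// Constructed sample input: "\xE0\xA4" is a truncated three-byte Devanagari character.
$params = ['FirstName' => "Ra\xE0\xA4", 'Address' => ['City' => 'Pune']];

$bad = findInvalidUtf8($params);
if ($bad !== []) {
    $requestId = bin2hex(random_bytes(8));
    foreach ($bad as $path => $offset) {
        // Detail goes to the server-side log only: name and offset, never the raw bytes.
        error_log("[$requestId] invalid UTF-8 sequence encountered in parameter $path at byte $offset");
    }
    http_response_code(400);
    exit("Bad request (reference $requestId)\n");
}
```

The client sees only the reference id, which a user can quote in a support request so the matching log line can be found.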