On 02/09/16 01:25, Yasuo Ohgaki wrote: > I don't understand why new validator would cause more problems than > solving. If users validate all inputs (e.g. request headers, cookies, > all of post/get tampering), apps became much more secure. This task > does not belong to business(app) logic. Even when users use the > validator non optimal way, it will improve security.
The whole problem with that statement is at what point do you distinguish between an input being invalid because it does not meet some validation such as bigger than X for 'validation' reasons rather than 'business logic' reasons. STILL in my book, it's the business logic that defines the base validation but I don't need DbC as a straight jacket to define that. Adding additional 'woolly' validation checks around the base validation is a pointless exercise if the rules of the base validation are available to use. -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
