Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:95170 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 10136 invoked from network); 15 Aug 2016 05:17:15 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 Aug 2016 05:17:15 -0000 Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.179 as permitted sender) X-PHP-List-Original-Sender: smalyshev@gmail.com X-Host-Fingerprint: 209.85.192.179 mail-pf0-f179.google.com Received: from [209.85.192.179] ([209.85.192.179:34592] helo=mail-pf0-f179.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 30/AA-36656-A5051B75 for ; Mon, 15 Aug 2016 01:17:14 -0400 Received: by mail-pf0-f179.google.com with SMTP id p64so14259910pfb.1 for ; Sun, 14 Aug 2016 22:17:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=fgjr8RE5CmZKUgdaJ0M6O54w3yMr5ubkf4EQsrV5HlU=; b=rwkXRpuDPsRlbVKTy5nJ+6R4tw9w6wmhkg5vKGvapc7462KiRZlItxaRQbXNF5rN4m 4i9Rbpm58Y1SLj+CAJr9xzlJmnuvL9eLonTxhfoqW0/KFpr5lDSRUtZYZMCUKXYSH8VQ WIYn6eCytPNdK6wsaNz3SA7GqIZjIqGHmbsaRb2MOWT6PJ+hUC4hNM0P3c1XQ898E2HP D/xteK85cjQzKBTLHA1LKxYou2OFa7GP/FlAs+3gmXtXOjSy+fnv6LflyqMwfVrbtQwC qgkDj+OLT9QFMayXwBIrpBrbDiZCbp7j1jcVPUlmKCuuktsiuknhouZ+4DonSUPSsLM/ 9c+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=fgjr8RE5CmZKUgdaJ0M6O54w3yMr5ubkf4EQsrV5HlU=; b=Bf++4XZ+EAudAz/9eg+/p1YX9iVN4LX/4f/6WVUfiNtCQ8ehXqfDE+K22zpEOQ/98L rpizGxh0s3NlJbUX7Cg17XFW5E667jWMO9/soZ0Ml4qPAupJsliEWdkXP0nCu4u+57HA Ho1cQUJnoGK/0UsMB0vK9aKrFzikkNvWN14+/BkLZRyzoh8ElsIFxTgtp4GaF903Ddg8 JtQpJoGSndN4uX7KLjFkxVt5cbsvs2qxhIjmlfANr/SKLUsLgFxe1moUQWFFjel00td4 Bg9mlrFjx/9G8Z8DeTU5cf+vlUcGqsMhmHBvRJl/r0fs8oKXwgIbQWrI0bGw0jwVWXas 18rA== X-Gm-Message-State: AEkoouuv8jXLhf7QvbUGsX706QF0tw74lw0hfVlSRQGQcPCHWWjtFceoQPbpJBbGupW9Zw== X-Received: by 10.98.15.145 with SMTP id 17mr51146693pfp.40.1471238229788; Sun, 14 Aug 2016 22:17:09 -0700 (PDT) Received: from Stas-Air.local (108-233-206-104.lightspeed.sntcca.sbcglobal.net. [108.233.206.104]) by smtp.gmail.com with ESMTPSA id p64sm29225313pfd.11.2016.08.14.22.17.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 14 Aug 2016 22:17:08 -0700 (PDT) To: Marco Pivetta , Yasuo Ohgaki References: Cc: Dan Ackroyd , PHP Internals List Message-ID: <7795ca21-bd70-fe65-9519-af95fdfee33f@gmail.com> Date: Sun, 14 Aug 2016 22:17:07 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module From: smalyshev@gmail.com (Stanislav Malyshev) Hi! > It seems there is misunderstanding. > These new functions are intended for "secure coding input validation" that > should never fail. It means something unexpected in input data that > cannot/shouldn't keep program running. Why do you need to parse > message? I think the problem here is as follows: assume you accept use input. You want it to conform to some set of rules. If it does not, you may want to inform the user that the input is wrong, in an informative way. Now, if you say these functions "should never fail", it implies that before them, there would be other functions filtering user input (because user input could always violate whatever rules you'd have) - and then the question is, would you really want *two* sets of validators? You'd probably want one. Now, when you have one, you probably want it to validate the data and return some information that would be useful for informing the user what has gone wrong. That seems to be the issue here. I do think having strong input validation is a good thing. However, we'd also need to have them in a way that would make them useful in above scenario - otherwise people would avoid them because they fail "too hard" and the app does not retain enough control over the outcome. > There is misunderstanding on this. > As I wrote explicitly in the RFC, input validation and user input > mistakes must be handled differently. > > "The input validation (or think it as assertion or requirement) error" > that this RFC is dealing, is should never happen conditions (or think > it as contract should never fail). This is what I'm not sure I understand - when this approach would be used? I.e. if I get data from the user, I surely can not claim I can impose any conditions on the data that would never fail. Is it assumed I'd pre-filter the data before passing it to this filter? > The point of having the input validation is accept only inputs that > program expects and can work correctly. Accepting unexpected > data that program cannot work correctly is pointless. Well, that depends on what you mean by "accepting". The program should exhibit sane behavior (i.e., useful error message, not whitescreen or something like that) on bad input. That behavior can be different - i.e., if you are given wrong password, you shouldn't be too helpful and say "this password is wrong, the right password is this: ...." (you'd laugh but there *was* a real application doing this, no, I have no idea what the developers were thinking :) but at least you could say "authentication details are wrong". > Don't misunderstood me. I'm not saying "You should reject user input > mistakes". > "User input mistakes" and "input validation error" is totally different > error. Here, again, I am not sure I understand the difference. -- Stas Malyshev smalyshev@gmail.com