Newsgroups: php.internals
Subject: Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module
From: lester@lsces.co.uk (Lester Caine)
To: internals@lists.php.net
Date: Wed, 17 Aug 2016 09:58:42 +0100
Message-ID: <5657ac3b-5eca-2ca6-e50d-b897981892c2@lsces.co.uk>
References: <7795ca21-bd70-fe65-9519-af95fdfee33f@gmail.com>

On 17/08/16 09:33, Stanislav Malyshev wrote:
>> "Input validation" should reject all of them and does not have to inform users
>> (attackers) to "there is invalid input". If you need to tell legitimate users
>
> I think we disagree here. I think not doing this makes my work as a
> developer much much harder.

I'm with you on this, Stanislav ... we need to know what failed in order to
decide what to do about it. While simply crashing out was acceptable 15 years
ago, nowadays knowing what attackers are after can be important? (And the
JavaScript thing is more a case of upgrading PHP examples to use HTML5
validation by default.)

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
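The two positions in the thread (the developer needs to know which rule failed; the end user, who may be an attacker, should not be told) are not actually in conflict if the failure reason is split from the response. The following is an added PHP example, not code from the RFC or from any post in this thread; it uses only the existing filter_var() API, and the validate_input() wrapper, the rule table, the field names and the sample request are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not code from the RFC or from anyone in the thread.
// validate_input(), the rule table and the sample request are constructed
// to show the idea; the only real API used is filter_var().

/**
 * Validate $input against $rules.
 *
 * Each rule is ['name' => string, 'filter' => int, 'options' => array].
 * Returns [validated values keyed by field, list of failure records].
 * A failure record is ['field' => .., 'rule' => .., 'detail' => ..] and is
 * meant for the server log, never for the response body.
 */
function validate_input(array $input, array $rules): array
{
    $clean = [];
    $failures = [];

    foreach ($rules as $field => $rule) {
        if (!array_key_exists($field, $input)) {
            $failures[] = ['field' => $field, 'rule' => 'required', 'detail' => 'field missing'];
            continue;
        }
        $raw = $input[$field];
        // An array where a scalar is expected (?email[]=x) is a classic way
        // to confuse filter code; reject it explicitly instead of letting
        // filter_var() coerce it.
        if (!is_string($raw)) {
            $failures[] = ['field' => $field, 'rule' => 'type',
                           'detail' => 'expected string, got ' . gettype($raw)];
            continue;
        }
        // FILTER_NULL_ON_FAILURE makes "invalid" (null) distinguishable
        // from a legitimately validated false/0.
        $value = filter_var($raw, $rule['filter'], [
            'options' => $rule['options'],
            'flags'   => FILTER_NULL_ON_FAILURE,
        ]);
        if ($value === null) {
            $failures[] = [
                'field'  => $field,
                'rule'   => $rule['name'],
                // Log a bounded, escaped excerpt: enough to see what was
                // tried, not enough for the log to become a sink for huge
                // or binary payloads.
                'detail' => sprintf('rejected %d-byte value %s', strlen($raw),
                    json_encode(substr($raw, 0, 32), JSON_INVALID_UTF8_SUBSTITUTE)),
            ];
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $failures];
}

// Hypothetical rule table for a signup form.
$rules = [
    'age'   => ['name' => 'int_range', 'filter' => FILTER_VALIDATE_INT,
                'options' => ['min_range' => 13, 'max_range' => 120]],
    'email' => ['name' => 'email', 'filter' => FILTER_VALIDATE_EMAIL, 'options' => []],
];

// Constructed sample request: a valid age, and an email value carrying a
// CRLF mail-header injection attempt, which FILTER_VALIDATE_EMAIL rejects.
$request = [
    'age'   => '25',
    'email' => "alice@example.com\r\nBcc: victim@example.net",
];

[$clean, $failures] = validate_input($request, $rules);

foreach ($failures as $f) {
    // Developer / detection side: the full reason goes to the server log,
    // where it can be alerted on (e.g. many 'email' failures from one IP).
    error_log(sprintf('validation failed field=%s rule=%s detail=%s',
        $f['field'], $f['rule'], $f['detail']));
}

if ($failures !== []) {
    // User / attacker side: one generic message, no hint about which rule tripped.
    http_response_code(400);
    echo "Invalid input.\n";
} else {
    // Only validated, typed values reach the application.
    var_dump($clean);
}
```

Run under the CLI the sample request logs one line naming the email field and the CRLF payload, and prints only "Invalid input."; with a clean request it dumps the validated int and string. The point of the split is that the detail the developer wants is recorded server-side, where it is also useful for detection, while the response gives an attacker nothing to probe against.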