Newsgroups: php.internals
Xref: news.php.net php.internals:95553
Subject: Re: [PHP-DEV] [RFC][VOTE] Add validation functions to filter module
From: lester@lsces.co.uk (Lester Caine)
To: internals@lists.php.net
Date: Fri, 2 Sep 2016 09:42:24 +0100
Message-ID: <2de35db0-9974-cc96-83dd-3d2dbd48f7f8@lsces.co.uk>
References: <232F1604-2211-4351-B830-EDC958A25D6D@strojny.net>

On 02/09/16 01:25, Yasuo Ohgaki wrote:
> I don't understand why a new validator would cause more problems than
> it solves. If users validate all inputs (e.g. request headers, cookies,
> all post/get tampering), apps become much more secure. This task
> does not belong to business (app) logic. Even when users use the
> validator in a non-optimal way, it will improve security.

The whole problem with that statement is at what point you distinguish
between an input being invalid because it does not meet some validation,
such as 'bigger than X', for 'validation' reasons rather than 'business
logic' reasons. STILL, in my book, it's the business logic that defines
the base validation, but I don't need DbC as a straitjacket to define
that. Adding additional 'woolly' validation checks around the base
validation is a pointless exercise if the rules of the base validation
are available to use.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk