I responded on the ticket as well, but here’s my take:

An error like this should absolutely be caught before it raises a database 
error. A useful, human-friendly error message should be returned via the API. 
Any uncaught exception is a bug. On the other side of the equation, anything 
using the API (such as Horizon) should do its best to pre-validate the input, 
but if invalid input *is* sent it should be handled well. The best way to let 
Horizon devs know what the problem is is for the API to return an intelligent 
failure.

All the best,


- Gabriel

From: Dirk Müller [mailto:d...@dmllr.de]
Sent: Sunday, July 14, 2013 5:20 PM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [Nova][Horizon] Is there precedent for validating 
user input on data types to APIs?


Hi Matt,

Given that the Nova API is public, this needs to be validated in the API, 
otherwise the security guys are unhappy.

Of course the API shouldn't get bad data in the first place. That's a bug in 
nova client. I have sent reviews for both code fixes but I've not seen any 
serious reaction or approval on those for two weeks. Eventually somebody is 
going to look at it, I guess.

Greetings,
Dirk
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
