Alberto Scotto

Blue Reply
Via Cardinal Massaia, 83
10147 - Torino - ITALY
phone: +39 011 29100
al.sco...@reply.it
www.reply.it

On 01/01/2013 10:43 AM, Scotto Alberto wrote:
> Don't know what is the best. I think using preconditions is a strong
> practice that gives you freedom and lets you avoid duplicate checks.
> Actually, the preconditions must be documented...
>
> So I think that I may go for documenting the precondition in the wiki
> page (also for simplicity).
>
> What do you think?

Relying on the input being validated before handed to the function is
asking for trouble as soon as the function starts being used in multiple
places, some of which may not validate the input.  The function should
be a black box, and you shouldn't need to know that it's going to pass
provided arguments to shell_exec().  Fix problems at the source, not at
some more distant location.  You'll end up playing whack a mole otherwise.

Thomas

______________________________________


Thanks for your contribution.

> Fix problems at the source
Exactly.
From my point of view, the "source" is who/what generates the input: the user
who fills in a form. So, this is why I say that the input validation should be
done around the View layer, while in the back ("rt_auth" function) I should
assume with a precondition that the input is not evil anymore.
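
The two positions in this thread, side by side, as an added example that is not code from either message or from the project. The signature of rt_auth, its arguments, and the helper path are assumptions made for illustration; both functions only build the string that would be handed to shell_exec().

```php
<?php
// Added illustration; rt_auth_unchecked(), rt_auth_checked() and the
// helper path below are hypothetical names, not taken from the thread.

const RT_LOGIN = '/usr/local/bin/rt-login'; // placeholder path

// Variant 1: relies on a documented precondition ("callers pass clean input").
function rt_auth_unchecked(string $user, string $pass): string
{
    return RT_LOGIN . " --user $user --pass $pass";
}

// Variant 2: enforces its own contract at the point where the shell is involved.
function rt_auth_checked(string $user, string $pass): string
{
    // Allow-list the shape of a user name; reject instead of repairing.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }
    // A password may contain any character, so quote it rather than filter it.
    // (A real helper should read the secret from stdin, not from argv.)
    return RT_LOGIN
        . ' --user ' . escapeshellarg($user)
        . ' --pass ' . escapeshellarg($pass);
}

// Constructed inputs: a second caller that skipped the View-layer validation.
$user = 'alice';
$pass = 'x; id';

// The shell would parse this string as two commands.
echo rt_auth_unchecked($user, $pass), PHP_EOL;

// Here the password stays a single quoted argument.
echo rt_auth_checked($user, $pass), PHP_EOL;

// A user name outside the allow-list is refused before any command is built.
try {
    rt_auth_checked('alice$(id)', 'secret');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```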
