On 29 Jun 2017 at 08:01, Eric Grange <egra...@glscene.org> wrote: >> The sender, however, could be lying, and this needs to be considered > > This is an orthogonal problem: if the sender is sending you data that is > not what it should be, then he could just as well be sending you > well-encoded and well-formed but invalid data, or malware, or > confidential/personal data you are not legally allowed to store, or, or, > or... the list never ends. > > And generally speaking, if your code tries too hard to find a possible > interpretation for invalid of malformed input, then you are far more likely > to just end up with processed garbage, which will make it even harder to > figure out down the road where the garbage in your database originated from > (incorrect input? bug in the heuristics? etc.)
It will end up in the user's database. No heuristics are involved; I can do no more than believe what the sender tells me. The IDE I am using does at lest allow, in its base64-decode, that I request lossy conversion in the case of bad input. -- Cheers -- Tim _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
