On Sun, Jan 25, 2009 at 7:40 PM, Ron Savage <[email protected]> wrote:
> Hi Folks
>
>> > Fortunately I am neither advocating nor desiring a pure-Perl form
>> > validation module, but I don't understand the resistance to this. The
>> > poor bloke is saying -- "look, I have folks who want to utilize my
>> > scripts in situations where they cannot compile modules... what do I
>> > do? Give them something or give them nothing?" I am surprised that
>> > there is so much vehemence against this. I don't believe Lyle is
>> > saying that a pure-Perl alternative is better or even as good as the
>> > compiled modules... all he wants is an alternative, which, while most
>> > likely unsuitable for more than the simple cases, is likely a pretty
>> > good fit for those simple cases.
>> >
>>
>> I heartily agree :)
>
> So do I...
>
> I'm delighted this thread has gotten various ideas spelled out.
>
> To be more specific, I'm not against things when:
> o The advantages are clear
> o The disadvantages are understood
>
> Many things in life, and in programming, are compromises.
>
> What worried me about the regexp approach is that the disadvantages may
> have been under-estimated.
>
> Without even thinking about it, I'm instantly convinced too many special
> cases would arise to mitigate (lessen, enfeeble) the effectiveness of
> such an approach /where any reasonable alternative was available/.
>
> The problem is not a 'pure Perl' version 'v' an XS version. That's an
> installation issue, not a quality or design issue. In other words, lack
> of a compiler is a constraint to be worked around.
>
> The problems are:
>
> o A web page can be saved, edited to delete the JS validation, and
> submitted with malicious data (i.e. corrupt intent), which means
> server-side is the only place security/data protection issues can be
> implemented. The client side work, as explained, is for
> user-convenience, i.e. nice-to-have.
>
> o Partial error checking (e.g. using a regexp) means end-user pain when
> things go wrong, as they inevitably will, and support-staff hassles,
> including trying to educate the end-user, amongst other things.
>
> o Since server-side validation must be done anyway, for any
> self-respecting claim to a quality package, don't spend time on a
> partial, client-side, solution.
>
> So, weigh up the constraints, programmer time available, priorities, etc,
> and go for it!
>
Very nicely put. This whole post makes a lot of sense, and should be
kept in mind when designing an application.

--
Puneet Kishor http://www.punkish.org/
Nelson Institute for Environmental Studies http://www.nelson.wisc.edu/
Open Source Geospatial Foundation (OSGeo) http://www.osgeo.org/
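
The point quoted above, that server-side checks must run on every request whatever the client-side JavaScript did, shown as an added pure-Perl example (not code from this thread or from CGI::Application). The field names, rules and sample submissions are constructed for illustration; it also shows one of the regexp special cases: an unanchored `$` accepts a trailing newline.

```perl
# Added example: pure-Perl, server-side validation of submitted form fields.
# Field names, rules and sample submissions are constructed for illustration.
use strict;
use warnings;

# Each rule is anchored with \A ... \z. With ^ ... $ a value such as
# "42\n" would pass, because $ also matches before a trailing newline.
my %profile = (
    username => { required => 1, max => 32,  re => qr/\A[A-Za-z0-9_]{3,32}\z/ },
    age      => { required => 1, max => 3,   re => qr/\A[0-9]{1,3}\z/ },
    comment  => { required => 0, max => 500, re => qr/\A[^\x00-\x08\x0B\x0C\x0E-\x1F]*\z/ },
);

# Returns (\%valid, \%errors). Runs on every request, whatever the browser did.
sub validate_form {
    my ($input) = @_;
    my (%valid, %errors);

    # Reject fields the form never defined instead of passing them along.
    for my $name (sort keys %$input) {
        $errors{$name} = 'unexpected field' unless exists $profile{$name};
    }
    for my $name (sort keys %profile) {
        my $rule  = $profile{$name};
        my $value = $input->{$name};
        if (!defined $value || $value eq '') {
            $errors{$name} = 'required' if $rule->{required};
            next;
        }
        if (length($value) > $rule->{max}) { $errors{$name} = 'too long';       next }
        if ($value !~ $rule->{re})         { $errors{$name} = 'invalid format'; next }
        $valid{$name} = $value;
    }
    return (\%valid, \%errors);
}

# Constructed submissions: one well-formed, one as sent with the JS checks removed.
my @submissions = (
    { username => 'ron_s',   age => '42', comment  => 'hello' },
    { username => "ron_s\n", age => '-1', is_admin => '1' },
);
for my $form (@submissions) {
    my ($valid, $errors) = validate_form($form);
    my $line = %$errors
        ? 'rejected: ' . join(', ', map { "$_ ($errors->{$_})" } sort keys %$errors)
        : 'accepted: ' . join(', ', map { "$_=$valid->{$_}" } sort keys %$valid);
    print "$line\n";
}
```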
