Even if there is processing overhead - and I think this is really minimal compared to persisting the data - storing unvalidated and therefore maybe wrong data might haver a much higher impact on the application.
And I totally agree, this needs to be configurable (controllable) - but limiting this to the post servlet is way too restrictive. Carsten 2013/7/8 Alexander Klimetschek <[email protected]> > On 04.07.2013, at 14:56, Carsten Ziegeler <[email protected]> wrote: > > > Adding this - maybe as an optional service - into the resource resolver > > makes it also impossible to bypass validation - the validation is always > > done regardless whether the changes are done through the post servlet, > any > > other servlet, or some server side code running in the background. > > We should be careful with the imposed new processing overhead of this. > There needs to be control over it, and IMO an active whitelisting for which > validators (i.e. resource types) this would happen and when. And the > simplest way to do that is to have custom application code call the > validation service (one-liner) themselves and do it automatically only in > the post servlet (but also with an option to enable/disable individual > validators). > > Cheers, > Alex -- Carsten Ziegeler [email protected]
