Dale,
Dale Newfield wrote:
> Christopher Schultz wrote:
>> If you /are/ capturing text you will be using that /can/ contain HTML
>> markup, then cleaning it as it comes in is still a mistake. Let's say
>> you have a bug in your cleansing code. In that case, bad stuff gets into
>> your database where it's hard to root out and fix.
>
> If that data is hard to find then you haven't cleanly defined your DB
> schema.

Not at all. Even if all of your input has to go into a single field in a
single table, re-running input cleaning scripts on millions of records is
not a great strategy.

> WHEN to do the cleaning is not a question of security and
> maintainability, but a question of amortizing clock cycles to try to get
> responses out to browsers as quickly as possible. There is no reason to
> clean the same piece of text with the same algorithm more than once, so
> why not do it on the input side?

I believe I made that clear in my first post.

> If you find a bug in your cleansing code, then once you change it,
> re-run it ONCE on all the potentially dangerous text blocks.

That could be problematic if you have a lot of data.

>> I agree with Leon: cleaning input is not usually a good idea. Cleaning
>> output is where the real money is -- from a security and maintainability
>> standpoint.
>
> I'd be happy to change my mind if you can suggest any other reason to
> re-do that work more frequently than changes to the filtering module /
> data that backs the filtering module?

What happens when you want to print it out in an unescaped form? I'm not
sure I can come up with a great use case for that right now, but that's
the reason nobody HTML escapes all the data they put in their databases:
it's not always destined for a web page display.
-chris
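The trade-off argued in this thread, as an added example that is not part of the original messages: store user text raw and escape it at each output sink, versus HTML-escaping it on the way into the database. The sample inputs, the deliberately defective `buggy_input_cleaner`, and the three "sinks" (HTML page, plain-text e-mail, JSON) are all constructed for illustration. The example shows the two costs the reply describes: a sink that is not an HTML page gets HTML entities leaking into it when data was cleaned on input, and once a bug in an input-side cleaner is found, every stored row has to be located and rewritten, whereas an output-side fix takes effect on the next render.

```python
"""Output-side escaping versus input-side cleaning: a worked illustration.

Added example; the inputs, the buggy cleaner and the sinks are constructed
for this demonstration and are not code from the thread.
"""
import html
import json

# Constructed sample inputs; each legitimately contains HTML-significant
# characters, as a forum post or bug report might.
SAMPLE_INPUTS = [
    'Use <b> for bold & "quotes" work too',
    "<script>alert(1)</script> Tom & Jerry",
]


def buggy_input_cleaner(text: str) -> str:
    """Hypothetical v1 input-side cleaner with a defect: it escapes '<' and
    '>' but forgets '&' and quotes, so stored rows are only half-cleaned."""
    return text.replace("<", "&lt;").replace(">", "&gt;")


def escape_html(text: str) -> str:
    """Output-side escaping for HTML text and attribute content."""
    return html.escape(text, quote=True)


def render_html(stored: str) -> str:
    """HTML sink: escape at the moment of rendering, whatever is stored."""
    return "<p>" + escape_html(stored) + "</p>"


def render_plain_text(stored: str) -> str:
    """Non-HTML sink (e.g. a plain-text e-mail): no HTML escaping wanted."""
    return "Note: " + stored


def render_json(stored: str) -> str:
    """Another non-HTML sink: JSON needs JSON escaping, not HTML entities."""
    return json.dumps({"note": stored})


def store(inputs, cleaner=None):
    """Simulate persisting rows, optionally through an input-side cleaner."""
    return [cleaner(t) if cleaner else t for t in inputs]


def count_double_escaped(rendered_pages):
    """Rows cleaned on input AND escaped on output carry '&amp;lt;'-style
    artefacts; the browser then shows the user a literal '&lt;'."""
    return sum("&amp;lt;" in p or "&amp;gt;" in p for p in rendered_pages)


def count_rows_needing_rework(cleaned_db):
    """For a database that was cleaned on input with the buggy v1 cleaner:
    how many rows differ from what the fixed cleaner would have produced?
    Each one must be found and rewritten in place (the re-run cost debated
    in the thread). A row is consistent if decoding its entities and
    re-escaping with the fixed cleaner gives the row back unchanged."""
    return sum(escape_html(html.unescape(row)) != row for row in cleaned_db)


if __name__ == "__main__":
    raw_db = store(SAMPLE_INPUTS)
    cleaned_db = store(SAMPLE_INPUTS, buggy_input_cleaner)
    for raw, cleaned in zip(raw_db, cleaned_db):
        print("HTML  (raw store):    ", render_html(raw))
        print("HTML  (cleaned store):", render_html(cleaned))   # double-escaped
        print("email (raw store):    ", render_plain_text(raw))
        print("email (cleaned store):", render_plain_text(cleaned))  # entities leak
        print("JSON  (raw store):    ", render_json(raw))
    print("rows to rewrite after fixing the v1 cleaner:",
          count_rows_needing_rework(cleaned_db))
```

With raw storage, the HTML sink is exactly as safe as with input cleaning (the output escaper handles `<`, `&` and quotes regardless of what was stored), while the e-mail and JSON sinks receive the text the user actually typed. With input cleaning, the HTML sink double-escapes, the non-HTML sinks show `&lt;` to readers, and the defective cleaner leaves rows that must all be rewritten once the bug is noticed.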