• From: David Brownell <david-b@p...>
• To: Bjoern Hoehrmann <derhoermi@g...>,"Magick, Brian" <Brian.Magick@C...>
• Date: Mon, 01 Oct 2001 11:33:08 -0700

> Early Validation, validate as early as possible, i.e. if you send XML,
> insure it's valid, if you process XML, assume it's valid. It's not
> feasible to let both validate. Validation is always necessary, since
> processing applications must assume some general structure of the
> document.

Unless you control the document sender/creator and have some
reason to _know_ the document is valid, I'd say to assume it won't
be, and thus always validate inputs.  Not so different from any
other application, in short:  perimeter security is essential.

Validation adds maybe 10% to parsing time, which is rarely as
much as 5% of the overall application cost.  That means well
under one percent extra time spent on checking/conditioning
inputs ... would you rather risk bad data entering your database,
or pay an imperceptible increment in latency?  :)

So I guess I'm disagreeing with Bjoern since I don't want to
trust the other end enough to believe it won't send bad data
that'll break something on my end.  Unless maybe the other
end is under my control.

- Dave

• References:
  • When to Validate XML Guidelines
    • From: "Magick, Brian" <Brian.Magick@C...>
  • Re: When to Validate XML Guidelines
    • From: Bjoern Hoehrmann <derhoermi@g...>

• Prev by Date: Re: When to Validate XML Guidelines
• Next by Date: RE: [Fwd: W3C ridiculous new policy on patents]
• Previous by thread: Re: When to Validate XML Guidelines
• Next by thread: Re: When to Validate XML Guidelines
• Index(es):
  • Date
  • Thread