[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Server side DTD validation only ?
"Roldan, Alex" wrote: > > To me It seems that performing DTD validation on the client and server side > is an unnecessary overhead. Currently, I am only performing validation > against the DTD on the server side app. The request and the response are > both validated by the server app by pre-pending the DTD to the XML document > before it is validated. The text XML data created by the client does not > contain the DTD or an external reference to the DTD. > > 1. Is this the right approach ? If you control both the client and server, and can keep them always in sync (e.g. you're downloading the client from that server) so that you don't run into versioning problems. >From my perspective, both of those restrictions are atypical. Of course you also have to keep in mind that validation is only one level of error checking, and it's possible that the other levels will catch the problems that'd crop up. > 2. What are the problems I can run into ? If you write clients for network programs, you learn that you must not trust servers to perform according to their specifications ... e.g. a server operated by a business competitor might very well attempt to subvert clients that are trusting. It is routine to check the format of data as it's being imported. (And vice versa -- when clients send data to servers, the servers shouldn't trust it, for the same reasons.) Hence the clause above "if you control both the client and server" -- two different companies shouldn't take that approach in their client/server code. Systems are also not static. They evolve over time. The rules for what is correct/valid change over time. If your clients have every reason to trust the servers (and vice versa) you can _still_ run into problems if it's possible for the protocol versions to be mismatched. Hence the clause above "and can keep them in sync". - Dave xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@i... Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1 To (un)subscribe, mailto:majordomo@i... the following message; (un)subscribe xml-dev To subscribe to the digests, mailto:majordomo@i... the following message; subscribe xml-dev-digest List coordinator, Henry Rzepa (mailto:rzepa@i...)
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|