
Trust and control (as Re: Here's how to process XML documentsw

  • From: "Simon St.Laurent" <simonstl@simonstl.com>
  • To: "Costello, Roger L." <costello@mitre.org>
  • Date: Thu, 31 Jan 2013 07:16:36 -0500

Somewhere along the line programmers learned that only completely 
perfect messages should be accepted.  In the early days this could be 
explained by lack of resources for handling variation, but somehow it 
developed into a deep brittleness in computing culture and infects our 
tools as well.

It's less a question of trust than a question of control, an insistence 
that every contract be met precisely for fear that we will be paralyzed 
if something is out of step.

I could see the value of well-formedness, though I question even that 
lately.  I don't understand, though, why we regularly insist that the 
only information worth processing is that which arrived in pristine 
condition.

Programmers of the world, throw away your schemas!  You have nothing to 
lose but your existing toolset! (aka your chains...)

Thanks,
Simon

On 1/31/13 5:41 AM, Costello, Roger L. wrote:
> Michael Kay wrote:
>
> Tony prefaced his advice with "if you can't trust...". You (Roger)
> left that bit out.
>
> Perhaps you did this on the basis that you should never trust
> anything. But if you don't trust anything, why are you processing the
> XML at all?
>
> That is a fascinating and puzzling set of statements, Michael.
>
> Yes, I never trust any external input. (That is, I design my
> applications and web services such that external input is not
> trusted.) I rigorously scrutinize external input prior to allowing it
> into my application or web service:
>
> I validate the input against a tightly constrained XML Schema and
> Schematron schema.
>
> This helps to ensure that the data ingested by my applications and
> web services is the data they expect to ingest.
>
> Based on the recent discussions I am thinking that it may be wise to
> also add normalization to the external input scrutinizer.
>
> Why would an application or web service be designed to trust external
> input? Perhaps there are circumstances where external input can be
> trusted, but surely they are extremely rare?


-- 
Simon St.Laurent
http://simonstl.com/

