[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Trust and control (as Re: Here's how to process XML documentsw
Somewhere along the line programmers learned that only completely perfect messages should be accepted. In the early days this could be explained by lack of resources for handling variation, but somehow it developed into a deep brittleness in computing culture and infects our tools as well. It's less a question of trust than a question of control, an insistence that every contract be met precisely for fear that we will be paralyzed if something is out of step. I could see the value of well-formedness, though I question even that lately. I don't understand, though, why we regularly insist that the only information worth processing is that which arrived in pristine condition. Programmers of the world, throw away your schemas! You have nothing to lose but your existing toolset! (aka your chains...) Thanks, Simon On 1/31/13 5:41 AM, Costello, Roger L. wrote: > Michael Kay wrote: > > Tony prefaced his advice with "if you can't trust...". You (Roger) > left that bit out. > > Perhaps you did this on the basis that you should never trust > anything. But if you don't trust anything, why are you processing the > XML at all? > > That is a fascinating and puzzling set of statements Michael. > > Yes, I never trust any external input. (That is, I design my > applications and web services such that external input is not > trusted.) I rigorously scrutinize external input prior to allowing it > into my application or web service: > > I validate the input against a tightly constrained XML Schema and > Schematron schema. > > This helps to ensure that the data ingested by my applications and > web services receive is the data they expect to ingest. > > Based on the recent discussions I am thinking that it may be wise to > also add normalization to the external input scrutinizer. > > Why would an application or web service be designed to trust external > input? Perhaps there are circumstances where external input can be > trusted, but surely they are extremely rare? -- Simon St.Laurent http://simonstl.com/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|