[cgiapp] [Fwd: Re: ValidateRM not PP]

Ron Savage ron at savage.net.au
Sun Jan 25 20:40:04 EST 2009


Hi Folks

> > Fortunately I am neither advocating nor desiring a pure-Perl form
> > validation module, but I don't understand the resistance to this. The
> > poor bloke is saying -- "look, I have folks who want to utilize my
> > scripts in situations where they cannot compile modules... what do I
> > do? Give them something or give them nothing?" I am surprised that
> > there is so much vehemence against this. I don't believe Lyle is
> > saying that a pure-Perl alternative is better or even as good as the
> > compiled modules... all he wants is an alternative, which, while most
> > likely unsuitable for more than the simple cases, is likely a pretty
> > good fit for those simple cases.
> >   
> 
> I heartily agree :)

So do I...

I'm delighted this thread has gotten various ideas spelled out.

To be more specific, I'm not against things when:
o The advantages are clear
o The disadvantages are understood

Many things in life, and in programming, are compromises.

What worried me about the regexp approach is that the disadvantages may
have been under-estimated.

Without even thinking about it, I'm instantly convinced too many special
cases would arise to mitigate (lessen, enfeeble) the effectiveness of
such an approach /where any reasonable alternative was available/.

The problem is not a 'pure Perl' version 'v' an XS version. That's an
installation issue, not a quality or design issue. In other words, lack
of a compiler is a constraint to be worked around.

The problems are:

o A web page can be saved, edited to delete the JS validation, and
submitted with malicious data (i.e. corrupt intent), which means
server-side is the only place security/data protection issues can be
implemented. The client side work, as explained, is for
user-convenience, i.e. nice-to-have.

o Partial error checking (e.g. using a regexp) means end-user pain when
things go wrong, as they inevitably will, and support-staff hassles,
including trying to educate the end-user, amongst other things.

o Since server-side validation must be done anyway, for any
self-respecting claim to a quality package, don't spend time on a
partial, client-side, solution.

So, weigh up the constraints, programmer time available, priorities, etc,
and go for it!

-- 
Ron Savage
ron at savage.net.au
http://savage.net.au/index.html



