[Asterisk-Users] OT: Best DB

Mohit Muthanna mohit.muthanna at gmail.com
Wed Mar 16 06:23:52 MST 2005


> > Data validation should be done at all levels.  Period.
> 
> Validating the SAME data at each level greatly decreases your speed.

True, but at the expense of data reliability and security. If one
validation layer is compromised (buffer overflow, packet injection, or
even a bad link between client and server), the other will catch it.
See my previous post.

In fact, many coding standards and certifications call for strict
validation at all levels.

Never _ever_ sacrifice security for performance. Big mistake.

> It is much simpler and easier to just validate it first.

Disagree. If you were to validate it only in one layer, it would have
to be last (i.e., closest to the server). Think of a website doing
JavaScript validation of credit card information. One can easily
override the validation by simply modifying the HTTP requests (or
maybe even disabling JavaScript).

Anyhow, this is getting way off topic. A thousand apologies.

-- 
Mohit Muthanna [mohit (at) muthanna (uhuh) com]
"There are 10 types of people. Those who understand binary, and those
who don't."
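
Added example, not part of the original post: a server-side check that re-validates a card number field as if no JavaScript validation had run in the browser, which is the layer the message argues cannot be skipped. The function names, the `card_number` field and the request-body shape are assumptions made for illustration.

```javascript
// Server-side re-validation of a card number field (added example).
// Names and the request shape are hypothetical; nothing here relies on
// the browser having validated anything.

// Luhn checksum over a string that contains only ASCII digits.
function luhnValid(digits) {
  let sum = 0;
  let dbl = false; // double every second digit, counting from the right
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    dbl = !dbl;
  }
  return sum % 10 === 0;
}

// Treat the parsed request body as untrusted input: check type, size,
// format and checksum on the server, whatever the client claims to have done.
function validateCardField(body) {
  const raw = body ? body.card_number : undefined;
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  if (raw.length > 32) return { ok: false, reason: "too long" };
  const digits = raw.replace(/[ -]/g, ""); // allow common separators only
  if (!/^[0-9]{12,19}$/.test(digits)) return { ok: false, reason: "bad format" };
  if (!luhnValid(digits)) return { ok: false, reason: "checksum" };
  return { ok: true, digits };
}

// Constructed sample bodies: the first is what a browser form with working
// JavaScript validation would send; the rest are requests sent without it.
const samples = [
  { card_number: "4111 1111 1111 1111" }, // widely used test number
  { card_number: "4111 1111 1111 1112" }, // fails the checksum
  { card_number: "4111111111111111abc" }, // trailing non-digits
  { card_number: ["4111111111111111"] },  // wrong type
  {},                                     // field missing
];

for (const body of samples) {
  console.log(JSON.stringify(body), "->", JSON.stringify(validateCardField(body)));
}
```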
