Re: Is there such a thing as too much data validation?

You can never go wrong in checking too much data, though as you state, there does become a tradeoff with efficiency and data validation. Ideally, every sub you write should thoroughly check the data that is submitted and error out if there is something wrong, but in practice, there are cases that are sufficiently harmless to warent skipping over those checks, such as allowing an undef value to go by if you are simply checking for non-zero values in a list of numbers.

That said, it's probably most important to make sure that the data that is coming into the server to be correct, as opposed to delegating error checking in the client. As good examples, I refer to Quake 3 and any other multi-player game; because of widespread cheating, these engine are built not to trust anything that is on the client side, and thus initiates various checks on data that is sent, MD5-like checks on various libraries used, and similar features to make sure that the client version is only using what the server will accept.

Similarly, if you are going to be collecting data from the outside world, you should make sure the server is tight on exactly what it will take, and let the format on the client side be a little slack. Obviously, you want to make sure the client format is tight enough not to cause the client side to have problems, and some checks may be useful to avoid repetitious and annoying resending of large data blocks, but otherwise, let the client format be loose.

Doing it this way also means that if you change the server to improve or tighten certain restrictions, you don't have to worry about having clients change their systems; just have some preestiablished mechanism for allowing the clients to understand the new change and reporting the error.

-----------------------------------------------------
Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
"I can see my house from here!"
It's not what you know, but knowing how to find it if you don't know that's important

Comment on Re: Is there such a thing as too much data validation?

Replies are listed 'Best First'.
Re: Re: Is there such a thing as too much data validation? by rbc (Curate) on Jan 03, 2002 at 03:56 UTC
Wasn't "3-tier architecture" suppose to be the solution to this sort of thing? Another trade-off you make when you validate the heck out of everything is that you lose maintainability. It would be nice for people who will maintain your code that you do your validation in "one place" "One place" meaning that your validation code be easy to find and maintain. -- Write all your code as if all your operations and maintenance programmers are axe murders that know your address!	[reply]
Re (tilly) 2: Is there such a thing as too much data validation? by tilly (Archbishop) on Jan 07, 2002 at 10:01 UTC
Never? Should the validation rules need to change, having the old ones exist in 5 places may be a maintainance problem. So you may wish to try to centralize where checks happen so that it is easier to centralize where the tests are stored. (Whether this is true depends on what you are doing, how your codebase is organized, etc.)	[reply]