You can never go wrong in checking too much data, though as you state, there does become a tradeoff with efficiency and data validation. Ideally, every sub you write should thoroughly check the data that is submitted and error out if there is something wrong, but in practice, there are cases that are sufficiently harmless to warrant skipping over those checks, such as allowing an undef value to go by if you are simply checking for non-zero values in a list of numbers.

That said, it's probably most important to make sure that the data that is coming into the server is correct, as opposed to delegating error checking in the client. As good examples, I refer to Quake 3 and any other multi-player game; because of widespread cheating, these engines are built not to trust anything that is on the client side, and thus initiate various checks on data that is sent, MD5-like checks on various libraries used, and similar features to make sure that the client version is only using what the server will accept.

Similarly, if you are going to be collecting data from the outside world, you should make sure the server is tight on exactly what it will take, and let the format on the client side be a little slack. Obviously, you want to make sure the client format is tight enough not to cause the client side to have problems, and some checks may be useful to avoid repetitious and annoying resending of large data blocks, but otherwise, let the client format be loose.

Doing it this way also means that if you change the server to improve or tighten certain restrictions, you don't have to worry about having clients change their systems; just have some preestablished mechanism for allowing the clients to understand the new change and reporting the error.

-----------------------------------------------------
Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
"I can see my house from here!"
It's not what you know, but knowing how to find it if you don't know that's important


In reply to Re: Is there such a thing as too much data validation? by Masem
in thread Is there such a thing as too much data validation? by dooberwah
