[
Lists Home |
Date Index |
Thread Index
]
Norman Walsh wrote:
>/ Rich Salz <rsalz@datapower.com> was heard to say:
>|> <shrug/> Intelligent folks building real systems tell me that
>|> validation isn't actually something you do in production code
>|
>| Those folks are asking for a world of pain once/if they move their
>| application out of a tightly controlled environment. Trust, but
>| verify. How many Web problems were caused by not validating HTML form
>| data?
>
>Oh, I expect their doing validation, but it's in their application
>and it isn't implemented directly in any particular schema language.
>Or maybe they're cruising for a bruising, I dunno.
>
>
>
If one uses XML for serializing objects and nothing else, then things
get easier. But developing real systems would get easier if there was a
way of developing them so that validity (well-typedness) is checked
statically.
The system would be validating (in some form) when it gets input from
the outside, but it would never run validation because the programs are
type-checked, producing correct outputs from correct inputs.
In small systems, one can also get by without the static checking, then
the programmer has to be clever enough to overlook everything, doing
some mental type-checking of his code. But programmers have limits, and
I'd guess real systems can easily be beyond that limit.
cheers,
Burak
--
Burak Emir
http://lamp.epfl.ch/~buraq
|
