Re: [xml-dev] Run-Time Validation of Inbound XML Documents - Yea or Nay?
- From: Stephen D Green <stephengreenubl@gmail.com>
- To: "Costello, Roger L." <costello@mitre.org>
- Date: Tue, 24 May 2011 19:50:11 +0100
When you are dealing with an application you can never say data is *valid*
- you can test its validity in various ways but never exhaustively so you
always have to draw a line somewhere. Often this line is determined by
pragmatism - how much code can be written and run in the time available,
etc. A schema in a (.NET) dataset ('strongly typed' dataset), for example,
allows this line to be drawn further along than otherwise practicable since
a schema tests many different aspects of some XML data with such little
effort. However, it leaves some key aspects untested, but to understand
those gaps is easier because XML Schema is standard, well-known technology
so it is easier to supplement a schema with some validation code than to
write all the code to validate all the same things without a schema. The
validation code then is left with a dependency on the schema, though, so
the schema validation is likely to be left on in this scenario, at runtime:
Turning it off would leave holes in the rest of the validation (but since
there are always holes in validation it might still be a viable option to
turn schema validation off). The whole historic computing concept of
'types' is tied somewhat with validation and verification, I think.

Test-driven development introduces another scenario in that at test time
there will be far more effort to validate and catch failed tests. The
emphasis will then be on regression testing (reproducible testing which can
be easily performed at any stage during subsequent development or change)
and this is halfway to runtime validation. Here there may be a role for
test assertions and schema validation without so much concern about
performance reduction and it may be better to configure the test harness
rather than have to change hardcoded tests. However, the technologies which
apply during testing can also apply at runtime as long as they do not
impede the application or system performance.

Always there is an element of risk assessment and proportionate risk
management.
----
Stephen D Green
On 21/05/2011, Costello, Roger L. <costello@mitre.org> wrote:
> Hi Folks,
>
> Issue
>
> An application receives an XML document. Should the application validate
> the XML document prior to processing it? That is, should applications
> perform run-time validation of inbound XML documents?
>
> Discussion
>
> There is no right or wrong answer to this question. There are only
> engineering tradeoffs. So, before making a decision for your particular
> application, it is important to understand the approaches, their
> advantages, and their disadvantages.
>
> More ...
> http://www.xfront.com/Run-time-Validatation-of-Inbound-XML-documents.pdf
>
> Comments welcome.
>
> /Roger
--
----
Stephen D Green
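
Added example (not part of the thread and not written by either poster): a C# illustration of the arrangement the reply describes, where hand-written validation code supplements an XML Schema and so comes to depend on it. The `order` schema, the element names, the `InboundOrderCheck` class and the sample documents are all constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Linq;
using System.Xml.Schema;
static class InboundOrderCheck
{
    // Constructed schema: it checks structure and datatypes only.
    const string Xsd = @"<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>
  <xs:element name='order'><xs:complexType><xs:sequence>
    <xs:element name='quantity' type='xs:positiveInteger'/>
    <xs:element name='orderDate' type='xs:date'/>
    <xs:element name='shipDate' type='xs:date'/>
  </xs:sequence></xs:complexType></xs:element>
</xs:schema>";
    // Supplementary rule that XSD 1.0 cannot state: shipDate must not precede orderDate.
    // It assumes the schema has already guaranteed both elements exist and hold dates.
    static string CrossFieldCheck(XElement order) =>
        (DateTime)order.Element("shipDate") < (DateTime)order.Element("orderDate")
            ? "shipDate precedes orderDate" : null;

    static string Validate(string xml, bool schemaOn)
    {
        // Inbound documents are untrusted, so DTD processing stays prohibited.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit };
        XDocument doc;
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
            doc = XDocument.Load(reader);
        if (schemaOn)
        {
            var schemas = new XmlSchemaSet();
            schemas.Add(null, XmlReader.Create(new StringReader(Xsd)));
            string error = null;
            doc.Validate(schemas, (sender, e) => error = error ?? "schema: " + e.Message);
            if (error != null) return error;
        }
        try { return CrossFieldCheck(doc.Root) ?? "accepted"; }
        catch (Exception ex) { return "rule code failed: " + ex.GetType().Name; }
    }

    static void Main()
    {
        string late = "<order><quantity>2</quantity><orderDate>2011-05-24</orderDate><shipDate>2011-05-21</shipDate></order>";
        string noShip = "<order><quantity>2</quantity><orderDate>2011-05-24</orderDate></order>";
        Console.WriteLine(Validate(late, true));    // schema-valid, violates the cross-field rule
        Console.WriteLine(Validate(noShip, true));  // shipDate missing, schema validation on
        Console.WriteLine(Validate(noShip, false)); // same document, schema validation off
    }
}
```

With schema validation turned off, the third call reaches the rule code with a document the rule was never written to handle, which is the hole the reply refers to.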