Transaction order: when to validate, authenticate


14 replies to this topic

#1 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • Location: Netherlands

Posted 15 September 2006 - 11:18 AM

This thread is the continuation of a discussion that went on in the 'form validation logic' sticky in PHP Help.


Jenk is arguing that in an application the following transaction ORDER is a fact:

1.) Establish which action is to be taken. (e.g. which page to display)
2.) Authenticate, Filter, Validate and Escape input.
3.) Logic (the 'workings' of your script - including establishing data sources, error handling, etc.)
4.) Display output.

I'm arguing that this is not completely accurate, and at least some authentication should be able to take place before you can properly determine the 'route' (e.g. what logic to execute).

My last compromise:

1) get route
   1a) get requested route
   1b) authenticate
   1c) adjust route if required
2) delegate (processing logic)
   2a) validation
   2b) all other logic
3) send output

Jenk is presenting me with this challenge:

I suggest you re-read up on the FrontController pattern.

Ok, let's see you prove your statements. Authenticate the throughput from this form:

<form action="index.php" method="post">
<input type="text" name="myfield" size="15" />
<br />
<input type="text" name="myfield2" size="15" />
<br />
<input type="submit" />
</form>

Authenticate, Validate and Filter that, please.


I can't, because it's not a representation of a request. I can't determine the requested route, nor is there in this case anything to authenticate.

Example of authentication BEFORE routing:

User ip/host combo is on the banned list, adjust routing accordingly.
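
The ordering from the 'last compromise' list above, combined with the banned-IP example, sketched as a PHP front controller. This is an added example, not code posted in the thread; the `action` request parameter, the route table, the ban list, the `user` session key and the 15-character rule are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the thread; all data below is constructed.
const ROUTES = [
    'home'   => ['login_required' => false],
    'submit' => ['login_required' => true],   // receives myfield / myfield2
    'login'  => ['login_required' => false],
    'banned' => ['login_required' => false],
];
const BANNED_IPS = ['203.0.113.7'];            // documentation-range address
// Step 1: get route.
function resolveRoute(array $get, string $ip, array $session): string
{
    $requested = $get['action'] ?? 'home';                     // 1a requested route
    if (!is_string($requested) || !array_key_exists($requested, ROUTES)) {
        $requested = 'home';       // never dispatch on an unknown action name
    }
    if (in_array($ip, BANNED_IPS, true)) {                     // 1b check that needs no route
        return 'banned';                                       // 1c adjust route
    }
    if (ROUTES[$requested]['login_required'] && empty($session['user'])) { // 1b check that needs the route
        return 'login';                                        // 1c adjust route
    }
    return $requested;
}

// Step 2: delegate.
function handle(string $route, array $post): string
{
    if ($route !== 'submit') {
        return "page: $route";
    }
    $clean = [];
    foreach (['myfield', 'myfield2'] as $name) {               // 2a validation
        $value = $post[$name] ?? null;
        if (!is_string($value) || trim($value) === '' || strlen(trim($value)) > 15) {
            return "invalid input: $name";
        }
        $clean[$name] = trim($value);
    }
    return 'saved: ' . implode(', ', $clean);                  // 2b all other logic
}

// Step 3: send output, escaped for the HTML context.
function run(array $get, array $post, string $ip, array $session): string
{
    return htmlspecialchars(handle(resolveRoute($get, $ip, $session), $post), ENT_QUOTES, 'UTF-8');
}

echo run(['action' => 'submit'], ['myfield' => 'abc', 'myfield2' => '<b>'], '198.51.100.2', ['user' => 'demo']), "\n";
echo run(['action' => 'submit'], [], '203.0.113.7', []), "\n";
```

The ban check runs without consulting the requested route, while the login check cannot run until the requested route is known; both can still change the route that is finally applied.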


#2 Jenk

Jenk
  • Members
  • Advanced Member
  • 778 posts

Posted 15 September 2006 - 11:22 AM

Thus, the order I posted is correct.. without knowing which action to execute (aka route to take, page to display, logic to execute,) you cannot authenticate anything.

edit: Btw, it's a perfectly normal representation of a request. It's just like any other request - it's a form.

#3 448191

448191

Posted 15 September 2006 - 11:25 AM

Thus, the order I posted is correct.. without knowing which action to execute (aka route to take, page to display, logic to execute,) you cannot authenticate anything.


You are again ignoring the difference between the requested and ultimately applied route.

#4 Jenk

Jenk

Posted 15 September 2006 - 11:26 AM

No, I'm not.

What I have ignored until now, is that you've changed what you argued and have also put a heavy bias on your OP in this thread ;)

#5 448191

448191

Posted 15 September 2006 - 11:30 AM

No, I'm not.

What I have ignored until now, is that you've changed what you argued and have also put a heavy bias on your OP in this thread ;)


True, I did change my point of view, because it was not on the spot. Neither is yours, yet you persist that it is the only right way/order. I'm a big enough man to admit when I'm wrong and adjust my perspective accordingly.

#6 Jenk

Jenk

Posted 15 September 2006 - 11:33 AM

Have you read up on what Establish means yet? I even gave you a definition in the other thread, of what each step is for.

#7 448191

448191

Posted 15 September 2006 - 11:38 AM

edit: Btw, it's a perfectly normal representation of a request. It's just like any other request - it's a form.


No it's not.  <challenge>We can't deduct any route from it. From neither of our perspectives. </challenge>  ;D

Have you read up on what Establish means yet? I even gave you a definition in the other thread, of what each step is for.


I must have missed that. And no, I don't have a clue what you're talking about.  :P

Edit: You aren't talking about this, are you:

- Determine which action the user has requested, if the user is allowed such action and serve the appropriate action.


Because like I already pointed out it has an 'authentication clause' (I think I'll take that dictionary and put that in there now  :P)...

It consists of three different actions, when extracted, equalling 'my' order!

So I guess (as if I hadn't noticed) this discussion is more about who's right and who's wrong than the actual subject...

But hey I think it's fun.. :P

#8 Jenk

Jenk

Posted 15 September 2006 - 11:59 AM

edit: Btw, it's a perfectly normal representation of a request. It's just like any other request - it's a form.


No it's not.  <challenge>We can't deduct any route from it. From neither of our perspectives. </challenge>  ;D

Read the source code of the page you are currently viewing (i.e. this one) if you are now going to argue a form is not a valid request.

Have you read up on what Establish means yet? I even gave you a definition in the other thread, of what each step is for.


I must have missed that. And no, I don't have a clue what you're talking about.  :P

Edit: You aren't talking about this, are you:

- Determine which action the user has requested, if the user is allowed such action and serve the appropriate action.


Because like I already pointed out it has an 'authentication clause' (I think I'll take that dictionary and put that in there now  :P)...

It consists of three different actions, when extracted, equalling 'my' order!

So I guess (as if I hadn't noticed) this discussion is more about who's right and who's wrong than the actual subject...

But hey I think it's fun.. :P

So, have you now finally clicked on what "Establish which Action to take" means? The key word being Establish, not Action..


#9 448191

448191

Posted 15 September 2006 - 12:11 PM

So, have you now finally clicked on what "Establish which Action to take" means? The key word being Establish, not Action..


LOL, you are truly unbelievable...  :P

You only added the definition of 'Establish which Action to take' to hold three totally separate actions after I told you the 'establishing' should be split TWICE! Plus, it is still incorrect, because it doesn't allow for 'rerouting' upon failure of authentication. It just says: 'we authenticate to check if the action is allowed', but what to do if it is not?

#10 Jenk

Jenk

Posted 15 September 2006 - 01:00 PM

Nope, you still need to read the definition of Establish. Save yourself all this headache you keep putting yourself through and go read it..

Establish which action to take.

#11 448191

448191

Posted 15 September 2006 - 01:14 PM

Nope, you still need to read the definition of Establish. Save yourself all this headache you keep putting yourself through and go read it..

Establish which action to take.


es·tab·lish Pronunciation (-stblsh)
tr.v. es·tab·lished, es·tab·lish·ing, es·tab·lish·es
1.
a. To set up; found. See Synonyms at found1.
b. To bring about; generate: establish goodwill in the neighborhood.

So what?

#12 Jenk

Jenk

Posted 15 September 2006 - 01:21 PM

Nice of you to only copy and paste the least relevant definition ;)

#13 448191

448191

Posted 15 September 2006 - 01:26 PM

Look what it says: 1. meaning these are the most common definitions. Don't tell me you had a different definition in mind?  ;D

The universe is relative eh? I guess next you're going to make an argument the world is actually flat as a pancake?  :P

#14 Jenk

Jenk

Posted 15 September 2006 - 01:47 PM

But you still only copied one definition, which is the least relative ;) What point are you trying to make about the commonality of the definition? ???

I'll point you in the correct direction that you continue to ignore.. Establish is also a synonym for Determine.

#15 448191

448191

Posted 15 September 2006 - 02:03 PM

But you still only copied one definition, which is the least relative ;) What point are you trying to make about the commonality of the definition? ???

I'll point you in the correct direction that you continue to ignore.. Establish is also a synonym for Determine.


Is THAT what you were aiming at?  :D  Establish, determine, generate, conclude, call it what you want, that doesn't change my argument at all!

Being this:

- Determine which action the user has requested, if the user is allowed such action and serve the appropriate action.


Consists of three different actions, when extracted, equalling 'my' second and third lists' (which had different names for the same actions) order!


On a sidenote, here's what I was intentionally leaving out:  8)

2.
a. To place or settle in a secure position or condition; install: They established me in my own business.
b. To make firm or secure.


I thought you were going to misuse the secondary definitions containing the keyword 'secure', claiming that is how you meant it from the start.




