Re: [PHP-DEV] A validator module for PHP7

  100526
September 11, 2017 21:39 yohgaki@ohgaki.net (Yasuo Ohgaki)
Hi,

On Tue, Sep 12, 2017 at 6:35 AM, lists@rhsoft.net <lists@rhsoft.net> wrote:

> On 11.09.2017 at 23:07, Yasuo Ohgaki wrote:
>
>> On Tue, Sep 12, 2017 at 12:22 AM, Stephen Reay <php-lists@koalephant.com>
>>
>>> So, you still didn’t actually provide an example. I *guess* you’re talking
>>> about character class validation or something else equally “simple”,
>>> because I can’t imagine what else would be a common enough case that you’d
>>> want to have built-in rules for, and that you wouldn’t internally use
>>> RegExp to test anyway.
>>
>> Your request is like "Devil's Proof". Example code that cannot do things
>> with existing API cannot exist with meaningful manner. It can be explained
>> why it cannot, though. Try what "validate" string validator can do,
>> Then you'll see.
>>
>> There is no STRING validation filter currently. This fact alone,
>> it could be said "filter cannot do string validation currently".
>>
>> List of problems in current validation filter
>
> but you still fail to explain why in the world you don't try to enhance
> the existing filter functions instead invent a new beast leading finally to
> have the existing filter functions and your new stuff which share the same
> intention

Why don't you read previous RFC and the vote result?
https://wiki.php.net/rfc/add_validate_functions_to_filter

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
  100527
September 11, 2017 21:49 yohgaki@ohgaki.net (Yasuo Ohgaki)
Hi,

On Tue, Sep 12, 2017 at 6:39 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> Hi,
>
> On Tue, Sep 12, 2017 at 6:35 AM, lists@rhsoft.net <lists@rhsoft.net> wrote:
>
>> On 11.09.2017 at 23:07, Yasuo Ohgaki wrote:
>>
>>> On Tue, Sep 12, 2017 at 12:22 AM, Stephen Reay <php-lists@koalephant.com>
>>>
>>>> So, you still didn’t actually provide an example. I *guess* you’re talking
>>>> about character class validation or something else equally “simple”,
>>>> because I can’t imagine what else would be a common enough case that you’d
>>>> want to have built-in rules for, and that you wouldn’t internally use
>>>> RegExp to test anyway.
>>>
>>> Your request is like "Devil's Proof". Example code that cannot do things
>>> with existing API cannot exist with meaningful manner. It can be explained
>>> why it cannot, though. Try what "validate" string validator can do,
>>> Then you'll see.
>>>
>>> There is no STRING validation filter currently. This fact alone,
>>> it could be said "filter cannot do string validation currently".
>>>
>>> List of problems in current validation filter
>>
>> but you still fail to explain why in the world you don't try to enhance
>> the existing filter functions instead invent a new beast leading finally to
>> have the existing filter functions and your new stuff which share the same
>> intention
>
> Why don't you read previous RFC and the vote result?
> https://wiki.php.net/rfc/add_validate_functions_to_filter

I'm a bit surprised by the fact there are "filter improvement" supporters.
You should have participated in the previous RFC discussion.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
  100529
September 11, 2017 21:56 lists@rhsoft.net ("lists@rhsoft.net")
On 11.09.2017 at 23:49, Yasuo Ohgaki wrote:
> but you still fail to explain why in the world you don't try to
> enhance the existing filter functions instead invent a new beast
> leading finally to have the existing filter functions and your
> new stuff which share the same intention
>
> Why don't you read previous RFC and the vote result?
> https://wiki.php.net/rfc/add_validate_functions_to_filter
> <https://wiki.php.net/rfc/add_validate_functions_to_filter>
>
> I'm a bit surprised by the fact there are "filter improvement" supporters.
> You should have participated in the previous RFC discussion

and I am surprised that you act *that* stubborn and obviously think when you give the bike a new name someone will buy it instead really consider the contras of previous proposals
  100528
September 11, 2017 21:54 lists@rhsoft.net ("lists@rhsoft.net")
On 11.09.2017 at 23:39, Yasuo Ohgaki wrote:
> On Tue, Sep 12, 2017 at 6:35 AM, lists@rhsoft.net
> but you still fail to explain why in the world you don't try to
> enhance the existing filter functions instead invent a new beast
> leading finally to have the existing filter functions and your new
> stuff which share the same intention
>
> Why don't you read previous RFC and the vote result?
> https://wiki.php.net/rfc/add_validate_functions_to_filter

and why do you not take the contra arguments against how do you think things should be done into your considerations and believe bikeshed it with a different name will achieve anything?

it's basically the same as your hash_hkdf() related stuff - you just ignore everybody and continue to ride a dead horse up to a level where even pure readers of the internals list just have enough and only think "stop it guy"
  100530
September 11, 2017 22:16 yohgaki@ohgaki.net (Yasuo Ohgaki)
Hi,

On Tue, Sep 12, 2017 at 6:54 AM, lists@rhsoft.net <lists@rhsoft.net> wrote:

> On 11.09.2017 at 23:39, Yasuo Ohgaki wrote:
>
>> On Tue, Sep 12, 2017 at 6:35 AM, lists@rhsoft.net
>> but you still fail to explain why in the world you don't try to
>> enhance the existing filter functions instead invent a new beast
>> leading finally to have the existing filter functions and your new
>> stuff which share the same intention
>>
>> Why don't you read previous RFC and the vote result?
>> https://wiki.php.net/rfc/add_validate_functions_to_filter
>
> and why do you not take the contra arguments against how do you think
> things should be done into your considerations and believe bikeshed it with
> a different name will achieve anything?

If you understand the difference, there are huge differences with respect to behaviors.
Previous RFC was halfway finished "validation", it's far from "true validation".

> it's basically the same as your hash_hkdf() related stuff - you just ignore
> everybody and continue to ride a dead horse up to a level where even pure
> readers of the internals list just have enough and only think "stop it guy"

hash_hkdf() discussion comes to conclusion finally if you haven't noticed it.
It is clear now that Nikita and Andrey do not understand the algorithm
(including underlying HMAC and crypto hash characteristics) and RFC.
See the relevant thread for conclusion. (The latest one)

In short, current hash_hkdf() not only violates RFC 5869, but also
encourages extremely insecure usage, has unnecessarily incompatible API
with respect to other hash functions.

On Tue, Sep 12, 2017 at 6:56 AM, lists@rhsoft.net <lists@rhsoft.net> wrote:

> and I am surprised that you act *that* stubborn and obviously think when you
> give the bike a new name someone will buy it instead really consider the
> contras of previous proposals

"Validate" and "filter improvement" are fundamentally different proposals in fact.
i.e. Validate does true white list validation, while filter improvement is halfway.

Almost all apps do not implement "proper application level input validation" yet,
even if all of security guidelines/standards recommends/requires it.

What do you mean by "stubborn"?
Would you like me to try to remove "input validations" from security guidelines or
standards? If you seriously think so, you're the one who should try.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net