[nycphp-talk] Query result state strategy
prusak at gmail.com
Thu Feb 16 22:56:24 EST 2006
To quote Chris:
"security isn't black and white - it's shades of gray"
But to the point - I'd have to add, it really depends on how big of a
deal it is if someone does something they're not supposed to do.
If this is an ecommerce site - then obviously security is a very big deal.
If it's a bulletin board on an intranet ...
well, you get the point.
On 2/15/06, Cliff Hirsch <cliff at pinestream.com> wrote:
> Lately, it seems like I need to execute queries twice -- the first time to
> gather data and set actions for the presentation layer. That's fine.
> What disturbs me is that I need to do this all over again when receiving
> actionable input, going along with the theory that all input from the client
> is evil unless proved otherwise. Thank you Chris...
> So now I need to run a query again, check to see if the particular action is
> allowed based on the data gathered and then act upon it if the action is
> valid. The joy of an open client-server system.
> Do I just accept this and get on with it? Do I maintain the query results
> and state info with sessions, which I have avoided to date because I believe
> sessions have their own scalability baggage? Comments?
> Cliff Hirsch
> New York PHP Community Talk Mailing List
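The pattern Cliff describes, written out as an added example (not code from the nycphp-talk thread or from either poster). It assumes a hypothetical `orders` table with constructed sample rows in an in-memory SQLite database, and contrasts a handler that trusts a hidden form field posted back by the client with one that re-derives the permission from the authoritative row, doing the check and the state change in a single statement:

```php
<?php
// Added example, not code from the nycphp-talk thread. Shows the "query
// twice" pattern: the render step decides which actions to *show*, but the
// action step re-derives permission from the authoritative row and never
// trusts client-supplied state (hidden field, cookie, cached session flag).
// Table name, columns and rows are constructed for this example.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, owner_id INTEGER, status TEXT)');
$db->exec("INSERT INTO orders VALUES (1, 42, 'pending'), (2, 42, 'shipped'), (3, 7, 'pending')");

// Server-side policy: which actions a given order status permits.
function allowedActions(string $status): array {
    return match ($status) {
        'pending' => ['cancel'],
        'shipped' => ['return'],
        default   => [],
    };
}

// Request 1: build the view. The result of this query decides which buttons appear.
function renderOrders(PDO $db, int $userId): array {
    $stmt = $db->prepare('SELECT id, status FROM orders WHERE owner_id = ?');
    $stmt->execute([$userId]);
    $view = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $view[$row['id']] = allowedActions($row['status']);
    }
    return $view;
}

// Request 2 (weak): trusts a hidden field the client posted back, so the
// decision made at render time is replayed from data the client controls.
function actOnOrderTrusting(PDO $db, int $orderId, string $action, array $post): bool {
    if (($post['can_' . $action] ?? '0') !== '1') {
        return false;
    }
    // No ownership or state check here: whatever the form says, goes.
    $db->prepare('UPDATE orders SET status = ? WHERE id = ?')
       ->execute([$action === 'cancel' ? 'cancelled' : 'returned', $orderId]);
    return true;
}

// Request 2 (hardened): re-check ownership and state in the same UPDATE that
// performs the transition, so the check and the act cannot drift apart
// between two round trips (no separate SELECT-then-UPDATE race).
function actOnOrder(PDO $db, int $userId, int $orderId, string $action): bool {
    $newStatus = ['cancel' => 'cancelled', 'return' => 'returned'][$action] ?? null;
    if ($newStatus === null) {
        return false;                       // unknown action: reject, do not guess
    }
    // Only statuses whose policy permits $action may be transitioned.
    $fromStatuses = array_values(array_filter(
        ['pending', 'shipped'],
        fn(string $s) => in_array($action, allowedActions($s), true)
    ));
    if ($fromStatuses === []) {
        return false;
    }
    $placeholders = implode(',', array_fill(0, count($fromStatuses), '?'));
    $stmt = $db->prepare(
        "UPDATE orders SET status = ? WHERE id = ? AND owner_id = ? AND status IN ($placeholders)"
    );
    $stmt->execute(array_merge([$newStatus, $orderId, $userId], $fromStatuses));
    // 0 affected rows means: not this user's order, or not in a permitted state.
    return $stmt->rowCount() === 1;
}

// Walk-through with the constructed data (user 42 is the caller).
var_dump(renderOrders($db, 42));                                        // [1 => ['cancel'], 2 => ['return']]
var_dump(actOnOrderTrusting($db, 3, 'cancel', ['can_cancel' => '1']));  // true: order 3 belongs to user 7
var_dump(actOnOrder($db, 42, 2, 'cancel'));                             // false: shipped, cannot cancel
var_dump(actOnOrder($db, 42, 1, 'cancel'));                             // true
var_dump(actOnOrder($db, 42, 1, 'cancel'));                             // false: already cancelled
```

The second query is the price of not trusting the client, but it need not be the same query as the first: the render step selects everything the page needs, while the action step collapses "is this allowed?" and "do it" into one conditional UPDATE keyed on the user, the row and the permitted prior states. Caching the first query's result in the session would remove the round trip but reintroduces the staleness problem: a decision made at render time may no longer hold when the action arrives, which is exactly what the conditional UPDATE guards against.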