Inbound or Outbound Sanitation?
Posted: Wed Mar 16, 2005 10:30 pm
I've been deliberating over this for some time now, because in the past I implemented it in an ad hoc way, so now I want to choose one or the other.
What are the advantages and disadvantages of inbound sanitation, and what about outbound sanitation?
A few reasons I can think of off the top of my head:
Inbound sanitation is good because it only requires data to be sanitized once, whereas outbound sanitation must be executed every time the page is loaded (unless you cache it). Outbound sanitation, however, is easily adaptable and can be changed quickly, whereas a change in an inbound sanitation scheme would require the new rules be applied to everything in the database.
What else? Does it matter depending on what you're storing?
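The trade-off described in the post, as an added example that is not part of the original thread. It assumes the sanitation in question is HTML escaping; the class names, the two rule sets and the sample string are hypothetical and constructed for illustration.

```python
import html

# Constructed sample submission (not from the original post).
SAMPLE = 'Tom & "Jerry" <b>fans</b>'

def escape_v1(text):
    """Original rule set (assumed): escape &, < and > only."""
    return html.escape(text, quote=False)

def escape_v2(text):
    """Revised rule set (assumed): also escape quotes."""
    return html.escape(text, quote=True)

class InboundStore:
    """Sanitize once on write; page loads return the stored text untouched."""
    def __init__(self, rule):
        self.rule, self.rows, self.escape_calls = rule, [], 0
    def save(self, text):
        self.escape_calls += 1
        self.rows.append(self.rule(text))
    def render(self):
        return list(self.rows)
    def reapply(self, new_rule):
        """Naive rule change: run the new rule over every stored row."""
        self.rule = new_rule
        self.escape_calls += len(self.rows)
        self.rows = [new_rule(row) for row in self.rows]

class OutboundStore:
    """Store the raw text; sanitize on every page load."""
    def __init__(self, rule):
        self.rule, self.rows, self.escape_calls = rule, [], 0
    def save(self, text):
        self.rows.append(text)
    def render(self):
        self.escape_calls += len(self.rows)
        return [self.rule(row) for row in self.rows]

def compare(page_loads=3):
    """Return (escape-call counts, inbound output, outbound output) after a rule change."""
    inbound, outbound = InboundStore(escape_v1), OutboundStore(escape_v1)
    inbound.save(SAMPLE)
    outbound.save(SAMPLE)
    for _ in range(page_loads):
        inbound.render()
        outbound.render()
    costs = (inbound.escape_calls, outbound.escape_calls)
    inbound.reapply(escape_v2)   # rule change means rewriting the database
    outbound.rule = escape_v2    # rule change is one assignment; data untouched
    return costs, inbound.render()[0], outbound.render()[0]
```

Because the inbound store no longer holds the raw text, reapplying the new rule escapes the already-escaped entities a second time, while the outbound store produces the new encoding on the next page load.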