Regex validation, was Re: Programmers with network engineering skills

• Previous message (by thread): Regex validation, was Re: Programmers with network engineering skills
• Next message (by thread): CISCO ASA Botnet Traffic Filter contact off-list
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Joel Maslak wrote:
> is not.  But there is value in not passing utter garbage to another
> program (it has a tendency to clog mail queues, if for no other
> reason) - just make sure you do it right.

I fail to see why you wouldn't be able to throttle any abuse of your 
webform so it wouldn't clog a mail queue. Besides it's very hard to clog 
or otherwise overload an MTA, since it's purpose built to handle that 
kind of thing.

I also fail to see why it would be so hard to install an MTA listening 
on localhost which sole purpose would be to validate email addresses and 
nothing else. And just dumps any possible outgoing email to /dev/null.

If you're afraid of clogging the mail queue then only hand it off to the 
sending MTA after validation succeeded. But to be honest why would you 
care? MTAs are purpose made to handle such things.

I can't really think of a scenario where validating an email address 
using a separate service would create such a performance bottleneck. If 
you have robots flooding your web forms 1000s of times a second (still 
peanuts for the average MTA) you need to rethink your security and abuse 
prevention...not your email validation...I would say. :-)

People us a separate database instance for database queries, the 
database server has its own code to validate input. We don't code our 
own database server as part of the web form handling code. Why not hand 
of email validation the same way?

> Okay, I'll step off the soap box and let the next person holler about
> how I was wrong about all this!

You're mostly right, but I disagreed about the email validation part. I 
just don't see a point in re-inventing the wheel when there are 
perfectly capable free alternatives that can do it for you with no 
noticeable performance penalty.

Greetings,
Jeroen

-- 
Earthquake Magnitude: 4.8
Date: Saturday, March 17, 2012 01:49:29 UTC
Location: Banda Sea
Latitude: -7.0313; Longitude: 123.4175
Depth: 632.60 km

• Previous message (by thread): Regex validation, was Re: Programmers with network engineering skills
• Next message (by thread): CISCO ASA Botnet Traffic Filter contact off-list
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]