
motorest | 4 months ago

> Being liberal in what you accept comes at _huge_ costs to the entire ecosyste

Why do you believe that?

Being liberal in what you accept doesn't mean you can't do input validation or you're forced to pass through unsupported parameters.

It's pretty obvious you validate the input that is relevant to your own case, you do not throw errors if you stumble upon input parameters you don't support, and then you ignore the irrelevant fields.

The law is "be conservative in what you send, be liberal in what you accept". The first one is pretty obvious.

How do you add cost to the entire ecosystem by only using the fields you need to use?


SAI_Peregrinus | 4 months ago

The problem with Postel's law is that people apply it to interpreting Postel's law. They read it as encouraging you to accept any input, and trying to continue in the face of nonsense. They accept malformed input & attempt to make sense of it, instead of rejecting it because the fields they care about are malformed. Then the users depend on that behavior, and it ossifies. The system becomes brittle & difficult to change.

I like to call it the "hardness principle". It makes your system take longer to break, but when it does it's more damaging than it would have been if you'd rejected malformed input in the first place.

motorest | 4 months ago

> They accept malformed input & attempt to make sense of it, instead of rejecting it because the fields they care about are malformed.

I don't think that's true at all. The whole point of the law is that your interfaces should be robust, and still accept input that might be nonconforming in some way but still be possible to validate.

The principle still states that if you cannot validate input, you should not accept it.

Timwi | 4 months ago

It sounds like you didn't read the article. The vulnerability occurs precisely because a request parser tried to be lenient.
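
The distinction argued over in the comments above, as an added example that is not part of the thread or of the linked article: one receiver coerces malformed values in the fields it relies on, the other ignores unknown fields but rejects malformed or repeated known ones. The field names `length` and `user`, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# Constructed schema: the only two fields this receiver relies on.
_DIGITS = re.compile(r"[0-9]{1,9}")           # ASCII digits only (\d would admit Unicode digits)
_NAME = re.compile(r"[a-z][a-z0-9_-]{0,31}")
_KNOWN = {"length": _DIGITS, "user": _NAME}

class Rejected(ValueError):
    """A field the receiver relies on is malformed, repeated or missing."""

def parse_lenient(pairs):
    """Anti-pattern: make sense of whatever arrives and keep going."""
    out = {}
    for key, value in pairs:
        key = key.strip().lower()             # silently repairs the field name
        if key == "length":
            try:
                out["length"] = int(value)    # int() accepts "+10", " 10 ", "1_0", "١٠"
            except ValueError:
                out["length"] = 0             # guesses a value instead of rejecting
        elif key == "user":
            out["user"] = value.strip()
    return out                                # repeated fields: the last one wins

def parse_strict(pairs):
    """Ignore unknown fields; reject malformed, repeated or missing known ones."""
    out = {}
    for key, value in pairs:
        if key not in _KNOWN:
            continue                          # unsupported field: ignored, not an error
        if key in out:
            raise Rejected(f"duplicate field {key!r}")
        if not _KNOWN[key].fullmatch(value):  # fullmatch: no trailing-newline slack
            raise Rejected(f"malformed {key!r}: {value!r}")
        out[key] = int(value) if key == "length" else value
    missing = sorted(set(_KNOWN) - set(out))
    if missing:
        raise Rejected(f"missing fields: {missing}")
    return out

if __name__ == "__main__":
    # Constructed inputs: each spelling of "length" is accepted as 10 by parse_lenient.
    for raw in ["10", "+10", " 10 ", "1_0", "\u0661\u0660"]:
        msg = [("length", raw), ("user", "alice"), ("x-trace", "??")]
        try:
            verdict = parse_strict(msg)
        except Rejected as exc:
            verdict = f"rejected ({exc})"
        print(repr(raw), "lenient:", parse_lenient(msg), "strict:", verdict)
```

Two receivers that each "make sense" of a malformed value in their own way can disagree about what a message means; the strict receiver still tolerates the unknown `x-trace` field.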