[rt-users] R: R: R: Custom authentication script fails with > ExternalAuthPriority not defined, please check your configuration file

Scotto Alberto al.scotto at reply.it
Wed Jan 2 18:53:42 EST 2013

Alberto Scotto

Blue Reply
Via Cardinal Massaia, 83
10147 - Torino - ITALY
phone: +39 011 29100
al.scotto at reply.it

On 01/01/2013 10:43 AM, Scotto Alberto wrote:
> Don't know what is the best. I think using preconditions is a strong
> practice that gives you freedom and lets you avoid duplicate checks.
> Actually, the preconditions must be documented...
> So I think that I may go for documenting the precondition in the wiki
> page (also for simplicity).
> What do you think?

Relying on the input being validated before handed to the function is
asking for trouble as soon as the function starts being used in multiple
places, some of which may not validate the input.  The function should
be a black box, and you shouldn't need to know that it's going to pass
provided arguments to shell_exec().  Fix problems at the source, not at
some more distant location.  You'll end up playing whack a mole otherwise.



Thanks for your contribution.

> Fix problems at the source
>From my point of view, the "source" is who/what generates the input: the user who fills in a form. So, this is why I say that the input validation should be done around the View layer, while in the back ("rt_auth" function) I should assume with a precondition that the input is not evil anymore.


The information transmitted is intended for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.

More information about the rt-users mailing list