[Owasp-charlotte] Code Jam: PHP Validation Library

William Stranathan will at thestranathans.com
Thu Mar 22 14:22:42 UTC 2012


I would like for starters to begin working on a PHP data validation
framework. Not dissimilar from JSR-303, but being PHP, I'd like a lot
less overhead.

What *I* would LIKE to see in such a framework is:
* Something familiar to PHP programmers - i.e., let's not write a Java
validation framework in PHP, but let's do things the way PHP people are
accustomed to.
* Something deliberate - as a security practitioner, I've never seen a
good validation framework where validation is done transparently and
automatically - this almost universally means "make sure we don't
allow bad data", but nobody knows what all bad data will look like.
You have to choose to use (or not use) this. And you have to choose
the right validators to use.
* Something consistent - whatever pattern we choose to use to
implement this should be consistent regardless of the type of data
you're producing, and errors should be handled consistently across the
board. We can't return NULL for some functions and throw exceptions
for others or raise E_ERROR for yet others.
* Something imperative - this one I'm flexible on. But lots of apps
try to make things declarative, so in addition to learning the
language and framework, you have to learn a new XML schema or a new
YAML schema or a new DSL. PHP isn't compiled, so calling validation
routines explicitly and imperatively is not much more difficult than
writing an XML file. As I said, I'm more flexible on this one.
* Something that's a joy to use - at least for PHP programmers.
Whatever we make should be fun enough to use that you want to do it
some more. JSR-303 is kinda' like this. I did something that looked
like rocket science, but it wasn't really that hard, but it makes
writing the code so much more fun.

For this code jam, I need a few people (no more than 5). A good mix
of people will include
* people who use PHP for a living and can really answer the first two
items and the last. What frameworks have you used in the past that
remind you how great it is to be a PHP programmer? What design
patterns did they use that make you happy? How can we apply that to a
new library/framework? (I started something using magic methods, but
I'm certain it's not how PHP programmers are accustomed to working).
* a scribe. Initially we're going to be planning a framework and not
just jump in writing code. We need somebody who can document the
requirements really well.
* coders - if you've got a little PHP experience or a lot is fine -
once we determine the design pattern, the rest should mostly fall into
place.

We can either use a Google+ Hangout or GoToMeeting to do this. If we
use GoToMeeting, I need a bit of advance notice to get it all set up
through OWASP. I've used Google+ Hangouts in the past and they work
really well for this sort of thing as we can edit documents
collaboratively (as in multiple people typing simultaneously), screen
share an editor, have video and voice chat, etc. I think the first
session of this we should probably plan on an hour for starters, then
see if there's a division of labor that reveals itself from that.

Tuesdays and Thursdays work best for me, although I'm teaching next Thursday.

Anybody available next Tuesday night - maybe 8pm-9pm?

-- 
-- coleslaw
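
An added sketch, not code from the original post or from any OWASP project, of how the "deliberate", "consistent" and "imperative" items above could look in PHP: each validator is called explicitly, checks against an allow-list, and reports failure the same way. The names ValidationException and Validate and the sample input are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical names for this sketch; not an existing library.
final class ValidationException extends InvalidArgumentException {}

final class Validate
{
    // Integer within [$min, $max]. filter_var() signals failure with false;
    // the wrapper turns that into the single shared exception type.
    public static function intRange(string $field, $raw, int $min, int $max): int
    {
        $v = filter_var($raw, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($v === false) {
            throw new ValidationException("$field: expected integer in [$min, $max]");
        }
        return $v;
    }

    // Whole-string pattern match. preg_match() returns 0 for "no match" and
    // false for an engine error; both are rejected on the same path.
    public static function matches(string $field, $raw, string $pattern): string
    {
        if (!is_string($raw) || preg_match($pattern, $raw) !== 1) {
            throw new ValidationException("$field: does not match required format");
        }
        return $raw;
    }

    // Strict membership in a fixed set of known-good values.
    public static function oneOf(string $field, $raw, array $allowed): string
    {
        if (!is_string($raw) || !in_array($raw, $allowed, true)) {
            throw new ValidationException("$field: not an allowed value");
        }
        return $raw;
    }
}

// Constructed sample input standing in for $_POST.
$input = ['age' => '34', 'username' => 'jdoe_42', 'role' => 'superuser'];

try {
    // The caller chooses which validators apply to which field.
    $age  = Validate::intRange('age', $input['age'] ?? null, 0, 150);
    $user = Validate::matches('username', $input['username'] ?? null, '/\A[a-z0-9_]{3,20}\z/');
    $role = Validate::oneOf('role', $input['role'] ?? null, ['reader', 'editor']);
} catch (ValidationException $e) {
    // One failure path for every validator: no NULL, false or E_ERROR to special-case.
    echo 'Rejected input: ', $e->getMessage(), PHP_EOL;
}
```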

