Coldbox and VueJS untangled

Tag: cbvalidation

cbValidation: creating a better uniqueValidator

How often do you want to be sure values in your newly inserted records are unique? I just counted in my current project: 28 times. That’s a lot of repetitive code if you validate this requirement each time, so it makes sense to use some kind of uniqueness validator in cbvalidation. In older releases of cbvalidation there only was a unique validator for ORM which looks like this:

{ 
    fieldName : { validator: "UniqueValidator@cborm" },
    // or
    fieldName : { "UniqueValidator@cborm" : {}  }
}

So pretty easy, you don’t have to specify tablenames, fieldnames or primary keys. That’s only possible if you are using ORM entities, because they have all database information included in the entity definition. So if you want to use request collection validation you are out of luck( in a previous post I explained why this might be a good idea ).

Continue reading

cbValidation: validating a model or the request collection?

Recently I was coding a fluent API based on this sample code which was presented at ITB 2020 by Gavin Pickin. When I was testing I discovered I could overwrite existing records when trying to insert new ones, which sounds like a huge security vulnerability. But before blaming Gavin for this let me confess I changed the code a little, just enough to create this security hole. So this exercise showed me the following:

  • never ever populate a model automatically from the request collection without realizing what your customers can insert.
  • validating your request collection before populating your model has it advantages.
Continue reading

© 2024 ShiftInsert.nl

Theme by Anders NorenUp ↑