The conversation was kick-started by my blog post about the Required attribute and what it does (and does not) mean.
More importantly, I want to re-address the security issues I brought up in the last post, now in the context of Model Validation, to understand whether this change makes your applications more secure.
The Default Model Binder class had validation hooks as well as built-in support for IData Error Info for validation.
In addition to validation, there are also possible model-binding errors.
But what if the user wasn't offered the chance to edit that field? More importantly, what if a bad guy decided to try to "under-post" your form by leaving off the Last Name field? What this means is that we will always run all validators on an object, if that object had at least one value bound into it during model binding.
We run the property-level validators first, and if all of those succeed, we'll run the model-level validators.
Theodore Chiacchio is a Partner at Spence PC in Chicago, Illinois. Chiacchio, a PTO-registered patent attorney, has amassed over 15 years of experience litigating high-stakes, complex, federal civil cases. Chiacchio’s litigation practice has focused predominantly on patent litigation, Mr. Tags:35 USC 102, aia, clinical trials, drug development, Guest Contributor, mpep, patent, patents, pharmaceuticals, prior art, public use Posted In: Guest Contributors, IP News, IPWatchdog Articles, Articles, Patent Litigation, Patents, Pharmaceutical, Pharmaceuticals, Technology & Innovation Warning & Disclaimer: The pages, articles and comments on do not constitute legal advice, nor do they create any attorney-client relationship.
Chiacchio also has significant experience with other types of civil litigation, including copyright infringement, a range of other business torts, employment discrimination, and white collar civil enforcement matters. Chiacchio has substantial experience representing his clients before the USPTO’s Patent and Trial Appeal Board in connection with Inter Partes Review proceedings, in connection with which he has represented both patent challengers and patent-holders. Chiacchio has also spent a considerable portion of his career preparing Opinions of Counsel regarding patent infringement/non-infringement, patent validity/invalidity, patent enforceability/unenforceability, and freedom to operate. Chiacchio regularly counsels clients regarding all manner of patent-related strategy issues. Chiacchio’s patent law experience spans a range of technologies, including pharmaceuticals, computer software, mechanical (including medical devices), battery technologies, digital signage, and monitoring/tracking sensor technology, among other technologies. Chiacchio earned his Bachelor of Arts degree (Biology, French) from Bucknell University in 1999 and his Juris Doctor degree from Cornell University Law School in 2002. Chiacchio served as an associate at Kenyon & Kenyon (now part of Andrews Kurth Kenyon) and, most recently, practiced for just short of a decade at a top tier patent litigation boutique in Chicago. The articles published express the personal opinion and views of the author and should not be attributed to the author’s employer, clients or the sponsors of
Accordingly, a proper analysis of whether a use constitutes a public use has always involved an inquiry into, first, whether the invention was “ready for patenting,” and secondly, whether the use was in fact public or not. Such would-be prior art, however, is not limited to that published or otherwise emanating from others but also includes time bars such as the public use bar.
Under the AIA, a public use may be invalidating whether it occurred within or outside the United States, with a similar but weaker one year grace period applying. Since the AIA uses similar language defining invalidating public use it can be expected that pre-AIA case law and principles will remain relevant, but time shifted to reflect the first to file realities of the AIA. For example, proof of reduction to practice prior to the alleged public use is often relied upon by patent challengers in an effort to establish that the invention was ready for patenting at the time of the use. Patent applications are typically filed early on in the process of developing and commercializing a pharmaceutical drug product.
Under pre-AIA Section 102(b), the public use had to be carried out within the United States and more than one year prior to the filing of a patent application in order to be invalidating. Patent and Trademark Office has not opined on whether an experimental use exception remains under the AIA, public use does clearly still remain an impediment to patentability. The legal principles set out above, while seemingly straight-forward enough, leave ample room for case-specific interpretation and application when it comes to the question of whether the use of a claimed invention in connection with carrying out clinical trials will constitute an invalidating public use.
If the Home Address property had a [Required] attribute on it, it would fail, because Home Address would be null.
It's null because we didn't bind any values into Home Address, and therefore never manufactured a new Home Address object.