[mariusmg]

>My approach has always been to validate anything that crosses a trust boundary.

That's a good approach unless a validation requires a db call with inner join (for example). This becomes too costly to do it 5 times (for example) just to get something written into db.

[Spearchucker]

It remains a good approach, even in your scenario - because that perf problem is solved using a temporal cache.

[barrkel]

Caches are an excellent way to introduce path-dependent, time-sensitive bugs.

[Spearchucker]

The safest, most bug-free code is no code at all.

[mariusmg]

I see it now .....

A interface to define the validation aspect. 3 separate implementations of said interface : 1 for db lookup, 1 for cache lookup and last for unit tests. 1 factory method which return the instance to use depending of context. Another temporal cache that holds the instance of said interface (after all, you can never have enough caches).

And all of a sudden, validating some single shit takes +300 lines of code (plus tests). Welcome to enterprise , clean, better designed, greatly arhitected software everyone....

[Spearchucker]

Why do an interface at all? Is the validation definitely being shared across business functions?