httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: Can we be less forgiving about what we accept?
Date Mon, 28 Nov 2011 01:14:54 GMT

On 28 Nov 2011, at 00:37, Stefan Fritsch wrote:

> Hi,
> while browsing a bit through Michael Zalewski's new Tangled Web book, 
> I was reminded again that we are very forgiving about what we accept 
> as a request. Is this really a good idea in the time of lots of web 
> security issues?

Sounds like you're thinking of something like mod_taint[1] plus a default
ruleset to ship it with?


Nick Kew

View raw message