httpd-dev mailing list archives

From Nick Kew <n...@webthing.com>
Subject Re: Can we be less forgiving about what we accept?
Date Mon, 28 Nov 2011 01:14:54 GMT

On 28 Nov 2011, at 00:37, Stefan Fritsch wrote:

> Hi,
> 
> while browsing a bit through Michael Zalewski's new Tangled Web book, 
> I was reminded again that we are very forgiving about what we accept 
> as a request. Is this really a good idea in the time of lots of web 
> security issues?

Sounds like you're thinking of something like mod_taint[1] plus a default
ruleset to ship it with?

[1] http://people.apache.org/~niq/mod_taint.html

-- 
Nick Kew
