Language versus application security
Posted Jan 31, 2003 0:54 UTC (Fri) by copsewood
In reply to: Language versus application security
Parent article: A look at the MS-SQL worm
Yep. The approach of deciding what valid data should look like and excluding everything else is similar to the default-deny approach to firewall setups. This can reduce functionality slightly or slightly increases the effort of getting added functionality secure, but its probably much less hassle than trying specifically to exclude what is considered dangerous when you can only ever have limited knowledge of what might be exploitable in future.
to post comments)