I'm just dropping the argument, since it's philosophical at this
point. You are correct, not every app would be harmed, but it
violates the principles of defense in depth if one of your defenses is
so easily removed.
-dhs
Dean H. Saxe, CISSP, CEH
[email protected]
"[U]nconstitutional behavior by the authorities is constrained only by
the peoples' willingness to contest them"
--John Perry Barlow
On Mar 11, 2009, at 11:52 AM, Charlie Arehart wrote:
Sure, but I've got to ask: is that a concession to my point? :-) (that not every app that uses CFINPUT validation would be harmed if some bastard removed it?)
This isn't about me winning an argument, by the way. It's just that I can't tell if you're letting it go because you think I can't be convinced (or don't want to belabor the point), or because now that my point is clear, you see it's not so loopy after all. :-)
If you'd say it's the former, fair enough, and don't feel compelled to make the point. I'm sure you're plenty busy, and others may feel that the two sides have been represented.
This was just another of my counters to the assertion that some less-than-perfect features in CF need to be abandoned by all (CFFORM being among those often named). I just say, that's just not so for everyone. We just need to understand its limitations, and for that I do thank you and others for keeping us in mind of that.
/charlie
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Dean H. Saxe
Sent: Wednesday, March 11, 2009 11:23 AM
To: [email protected]
Subject: Re: [ACFUG Discuss] over-stating security concerns? (was RE: ValidateAt parameter is effectively only client side )
Of course there is no disrespect Charlie. I think we all need a big
group hug. ;-)
Dean H. Saxe, CISSP, CEH
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------