A worthy discussion that shows concerns that each of us needs to keep in mind on this matter.
Perhaps an agreement to disagree on the various points exemplified, shake hands and I buy the next round of drinks?

Teddy R. Payne, ACCFD
Google Talk - teddyrpa...@gmail.com

On Wed, Mar 11, 2009 at 11:58 AM, Dean H. Saxe <d...@fullfrontalnerdity.com> wrote:

> I'm just dropping the argument, since it's philosophical at this point. You are correct, not every app would be harmed, but it violates the principles of defense in depth if one of your defenses is so easily removed.
>
> -dhs
>
> Dean H. Saxe, CISSP, CEH
> d...@fullfrontalnerdity.com
> "[U]nconstitutional behavior by the authorities is constrained only by the peoples' willingness to contest them"
> --John Perry Barlow
>
> On Mar 11, 2009, at 11:52 AM, Charlie Arehart wrote:
>
>> Sure, but I've got to ask: is that a concession to my point? :-)
>>
>> (that not every app that uses CFINPUT validation would be harmed if some bastard removed it?)
>>
>> This isn't about me winning an argument, by the way. It's just that I can't tell if you're letting it go because you think I can't be convinced (or don't want to belabor the point), or because now that my point is clear, you see it's not so loopy after all. :-)
>>
>> If you'd say it's the former, fair enough, and don't feel compelled to make the point. I'm sure you're plenty busy, and others may feel that the two sides have been represented.
>>
>> This was just another of my counters to the assertion that some less-than-perfect features in CF need to be abandoned by all (CFFORM being among those often named). I just say, that's just not so for everyone. We just need to understand its limitations, and for that I do thank you and others for keeping us in mind of that.
>>
>> /charlie
>>
>> -----Original Message-----
>> From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
>> Sent: Wednesday, March 11, 2009 11:23 AM
>> To: discussion@acfug.org
>> Subject: Re: [ACFUG Discuss] over-stating security concerns? (was RE: ValidateAt parameter is effectively only client side )
>>
>> Of course there is no disrespect Charlie. I think we all need a big group hug. ;-)
>>
>> Dean H. Saxe, CISSP, CEH
>>
>> -------------------------------------------------------------
>> To unsubscribe from this list, manage your profile @
>> http://www.acfug.org?fa=login.edituserform
>>
>> For more info, see http://www.acfug.org/mailinglists
>> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
>> List hosted by http://www.fusionlink.com
>> -------------------------------------------------------------