A whitelist for anti-virus? So anything outside the whitelist is a virus, or
unwanted, or at least an "unconfirmed" program?
Kind of like Microsoft's antispyware: "our MS programs are good and safe
for you... while the little-known freeware apps are to
be marked and labeled as 'unsigned' or 'not verified to be safe'"
:D
What if there were a pure-whitelist OS?
"Allow installation only of apps considered 'GOOD' on 'OUR' list; for
other unverified apps, please contact us and pay a fat fee"
hard wyrd wrote:
The whitelist method has been the best-kept secret when talking about
security in any application.
A lot of apps (anti-virus, etc.) use blacklisting, and this is
somewhat ineffective, especially towards problems that you haven't
encountered yet. Explicitly and selectively allowing methods,
functions, and applications will prevent exploitation.
On 11/4/06, Raymond Olavides <[EMAIL PROTECTED]> wrote:
On 11/3/06, Matt Arnilo S. Baluyos <[EMAIL PROTECTED]> wrote:
On 11/3/06, mungkey <[EMAIL PROTECTED]> wrote:
> Hehehe, yes, it seems that's really how it is, Toykhu. Back then there was
> also a trick where you just put a backslash zero at the end, and then you
> could also add a new query like INSERT or UPDATE; if the thing you're
> injecting into has INSERT privileges, it's a sure thing. But usually it's
> the quotes that block it. I believe there is a filter or sanitizer that
> Matt and Ardie use in their AJAX apps. They can explain this better since
> they got into it first... that is, if they're not busy. Hehehe. Those two
> idols of mine are always said to be busy... hehehe.
It's a framework you can get from the Internet. It's called kses, and you
can get it at http://sourceforge.net/projects/kses
I think it's the one used by WordPress. We just wrapped it in a class so
it would fit our API.
Yup! kses is the one used by WordPress. I prefer to use
phpinputfilter, the one used by Joomla!. BTW, phpinputfilter now
has a PEAR package.
The difference between kses and phpinputfilter is in their filter
implementation: whitelisting allowed tags/characters and blacklisting
unwanted tags/characters, respectively.
Best-practice papers suggest that whitelisting should be the way
to go in filtering user input, which is what we are doing when we do
a switch-case statement. I prefer phpinputfilter as it is more
popular and, to my knowledge, constantly updated (the PEAR
package), and in my tests it hasn't allowed me to inject
unwanted characters into the database.
Anyway, when it comes to SQL injection, /never trust user input/.
Always validate and sanitize input. One just has to be
disciplined enough to pass all user input to a good
sanitizer/filter at every load of your script or at every receipt
of input from the client.
---
http://audienceone.blogspot.com
_________________________________________________
Kagay-Anon Linux Users' Group (KLUG) Mailing List
[email protected]
(http://cdo.linux.org.ph)
Searchable Archives: http://archives.free.net.ph
--
"A dog that has no bite, barks loudest."
Registered Linux User #400165
Subscribed to:
LARTC, Open-ITLUG, PRUG, KLUG, sybase.public.ase.linux
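The whitelist-versus-blacklist point raised by hard wyrd and Raymond, together with the quote and stacked-query injection mungkey describes, as an added PHP example. This is not kses, not phpinputfilter, and not code posted by anyone on this thread: the allowed tag list, the accepted href schemes, the function names and the `users` table are all assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example for this thread, not kses/phpinputfilter or anyone's posted
// code. Tag list, URL schemes and the users table are assumptions.

// Blacklist: strip the tags we already know are bad. Anything the list does
// not mention (an <iframe>, a javascript: href, an onclick= handler) passes.
function blacklistFilter(string $html): string
{
    foreach (['script', 'object', 'embed'] as $tag) {
        $html = preg_replace('#</?' . $tag . '\b[^>]*>#i', '', $html);
    }
    return $html;
}

// Whitelist: allowed tags and, per tag, the allowed attributes (assumed).
const ALLOWED_TAGS = ['b' => [], 'i' => [], 'p' => [], 'a' => ['href']];

// Whitelist: rebuild the output from the listed tags and attributes only.
// Unlisted tags are dropped (their text content is kept) and every run of
// text between tags is HTML-escaped.
function whitelistFilter(string $html): string
{
    $tagRe = '#<(/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[a-zA-Z][a-zA-Z0-9-]*'
           . '(?:\s*=\s*(?:"[^"]*"|\'[^\']*\'|[^\s>]+))?)*)\s*/?>#';
    $out = '';
    $offset = 0;
    preg_match_all($tagRe, $html, $tags, PREG_SET_ORDER | PREG_OFFSET_CAPTURE);
    foreach ($tags as $m) {
        [$full, $pos] = $m[0];
        $out .= htmlspecialchars(substr($html, $offset, $pos - $offset), ENT_QUOTES, 'UTF-8');
        $offset = $pos + strlen($full);
        $tag = strtolower($m[2][0]);
        if (!array_key_exists($tag, ALLOWED_TAGS)) {
            continue;                                   // not on the list: dropped
        }
        if ($m[1][0] === '/') {
            $out .= "</$tag>";
        } else {
            $out .= '<' . $tag . allowedAttributes($tag, $m[3][0]) . '>';
        }
    }
    return $out . htmlspecialchars(substr($html, $offset), ENT_QUOTES, 'UTF-8');
}

// Keep only the attributes listed for this tag. For href, only a few
// schemes are accepted (assumed list); that is what drops javascript: URLs.
// Attributes without a value are not matched and therefore dropped.
function allowedAttributes(string $tag, string $attrs): string
{
    $attrRe = '#([a-zA-Z][a-zA-Z0-9-]*)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))#';
    $kept = '';
    preg_match_all($attrRe, $attrs, $found, PREG_SET_ORDER);
    foreach ($found as $a) {
        $name  = strtolower($a[1]);
        $value = ($a[2] ?? '') !== '' ? $a[2] : ((($a[3] ?? '') !== '') ? $a[3] : ($a[4] ?? ''));
        if (!in_array($name, ALLOWED_TAGS[$tag], true)) {
            continue;
        }
        if ($name === 'href' && !preg_match('#^(https?://|mailto:|/)#i', $value)) {
            continue;
        }
        $kept .= ' ' . $name . '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '"';
    }
    return $kept;
}

// SQL: the column name goes through a switch whitelist (the pattern Raymond
// mentions), the value goes through a bound parameter, so quotes and a
// trailing "; DELETE ..." in $name are data, not query text.
function findUserByName(PDO $db, string $name, string $orderBy): array
{
    switch ($orderBy) {                                 // whitelist of identifiers
        case 'email':
            $column = 'email';
            break;
        default:
            $column = 'name';
    }
    $stmt = $db->prepare("SELECT name, email FROM users WHERE name = :name ORDER BY $column");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demo input, constructed for this example.
$sample = '<p onclick="alert(1)">Hi <b>there</b> '
        . '<a href="javascript:alert(1)">link</a><iframe src="//evil.example"></iframe></p>';
echo "blacklist: ", blacklistFilter($sample), "\n";
echo "whitelist: ", whitelistFilter($sample), "\n";

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (name TEXT, email TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'alice@example.test')");
$hostile = "alice'; DELETE FROM users; --";
echo "rows for hostile name: ", count(findUserByName($db, $hostile, 'email')), "\n";
echo "rows for bad orderBy:  ", count(findUserByName($db, 'alice', 'email; DROP TABLE users')), "\n";
echo "users left in table:   ", $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```

Run with `php example.php` (needs the pdo_sqlite extension). The blacklist line shows the `onclick` handler, the `javascript:` href and the `<iframe>` passing through untouched because none of them is on the banned list; the whitelist line keeps only `<p>`, `<b>` and an `<a>` stripped of its href. On the SQL side the hostile name matches no row, the unlisted `orderBy` falls back to `name` instead of reaching the query, and the row count afterwards shows the table was never touched. The point of the contrast is the one hard wyrd makes: the blacklist can only stop what its author has already seen, while the whitelist does not need to know the attack.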