On 18.04.2010 14:35, Ben Laurie wrote:
In general, whitelists are bad because they close extension points.
Please consider using a black list instead.
In general, blacklists are bad because they open security holes.
My experience is that people work around white lists by tunneling
information through the parts they are allowed to use. That doesn't help
at all, because it makes detecting and blocking the bad stuff even
harder (example: tunneling other HTTP methods through POST using a
"method override" request header).
Best regards, Julian