Firewall Wizards mailing list archives
Re: Re: Air Gaps vs. Firewalls
From: "Chuck Swiger" <chuck () codefab com>
Date: Wed, 4 Oct 2000 17:33:16 -0400
On Tue, 03 Oct 2000 15:50:58 -0500, Rick Smith wrote:
> This is a surprise to me. Do web site developers really work with specs that would clearly define the possible values flowing through a URL? Is this common anywhere except perhaps the most sophisticated sites?
Some of us do, but no, it's not common.
> Even if one has such specs, wouldn't it make more sense to use those specs to automatically generate range and type checking code at the server end?
Agreed-- validation of FORM data and the like should be handled by the web application itself. To a large extent, what constitutes "legitimate" and "illegitimate" data depends on information which a firewall should not touch or be aware of.
For example, imagine an online store, where pricing for items is held in a database. Let's say that items may not be in stock yet, so the web app needs to know to not offer those items for sale. How would a firewall determine that a particular item number in a URL is available or not, short of querying the database itself?
-Chuck
Chuck Swiger | chuck () codefab com | Spin VBHY?
-------------+-------------------+-----------
"Diplomacy is the art of saying 'Nice doggy', while searching for a rock." -- Talleyrand
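The split discussed in this message, as an added example that is not part of the original post: a type and range check generated from a parameter spec, next to the availability check that only the application can make because it needs the store's database. The `/buy` URL, the `SPEC` table, the `items` schema and all sample rows are assumptions constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Hypothetical spec for a store URL: parameter name -> (min, max) integer range.
SPEC = {"item": (1, 99999), "qty": (1, 20)}

def check_syntax(url, spec=SPEC):
    """Stateless type/range check generated from the spec: (params, error)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    extra = sorted(set(query) - set(spec))
    if extra:
        return None, "unexpected parameter: " + extra[0]
    params = {}
    for name, (lo, hi) in spec.items():
        values = query.get(name, [])
        if len(values) != 1:
            return None, name + ": expected exactly one value"
        raw = values[0]
        # Short runs of plain ASCII digits only; int() alone also accepts "+5" or " 5".
        if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
            return None, name + ": not an integer"
        if not lo <= int(raw) <= hi:
            return None, name + ": out of range"
        params[name] = int(raw)
    return params, None

def check_stock(db, params):
    """Stateful check: needs the store's database, so it lives in the web app."""
    row = db.execute("SELECT in_stock FROM items WHERE id = ?",
                     (params["item"],)).fetchone()
    if row is None:
        return "no such item"
    if row[0] < params["qty"]:
        return "item not available"
    return None

def validate(db, url):
    """Return None if the request is acceptable, else the reason it is not."""
    params, error = check_syntax(url)
    return error if error else check_stock(db, params)

def sample_db():
    """Constructed sample data: item 1001 is in stock, item 1002 is not yet."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, in_stock INTEGER)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [(1001, 5), (1002, 0)])
    return db
```

A request for item 1002 passes `check_syntax` unchanged and is only rejected by `check_stock`, which is the part a filter in front of the application cannot decide without querying the same database.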