Firewall Wizards mailing list archives
Re: preventing XSS and SQL injection?
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 02 Jun 2005 15:32:45 -0400
ArkanoiD wrote:
It is ok when securing server traffic, but becames extremely difficult when it comes to client proxy, because there are too many legitimate traffic patterns to add :-(
"Too many legitimate patterns" is still easier to manage than "infinite bad patterns" which is what you'll eventually be approaching if you try to come up with matches for all the possible attacks. Hmmm... Did you notice that this brief little Email exchange has summarized the history of the last 15 years of computer security in 3 sentences? mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- preventing XSS and SQL injection? ArkanoiD (Jun 02)
- Re: preventing XSS and SQL injection? Marcus J. Ranum (Jun 02)
- Re: preventing XSS and SQL injection? ArkanoiD (Jun 02)
- Re: preventing XSS and SQL injection? Marcus J. Ranum (Jun 02)
- Re: preventing XSS and SQL injection? ArkanoiD (Jun 02)
- Re: preventing XSS and SQL injection? David Thiel (Jun 02)
- Re: preventing XSS and SQL injection? Devdas Bhagat (Jun 02)
- <Possible follow-ups>
- Re: preventing XSS and SQL injection? J. Oquendo (Jun 02)
- Re: preventing XSS and SQL injection? ArkanoiD (Jun 02)
- RE: preventing XSS and SQL injection? Behm, Jeffrey L. (Jun 02)
- Re: preventing XSS and SQL injection? J. Oquendo (Jun 02)
- Re: preventing XSS and SQL injection? ArkanoiD (Jun 02)
- Re: preventing XSS and SQL injection? Marcus J. Ranum (Jun 02)