WebApp Sec mailing list archives

RE: [WEB SECURITY] Re: HTTP Parameter Pollution

From: Stefano Di Paola <stefano.dipaola () wisec it>
Date: Fri, 22 May 2009 13:53:55 +0200

Martin,

Il giorno mer, 20/05/2009 alle 22.47 +0100, Martin O'Neal ha scritto:

(thereby breaking all the apps that currently work in the opposite

way)

that is a reasonable point :)
When anarchy is in place (no rules) trying to introduce a standard
(rules) could have its own drawbacks.
In an utopian world, anarchy could be also acceptable (people respect
each other, developers know their environment), but since people does
mistakes, rules helps persons in having a guideline.
I'd also prefer to let people, developers and servers do whatever they
want, knowing and respecting the unspoken rules.

Going too much into philosophy, so I stop here :)

Cheers,
Stefano & Luca



--
Stefano Di Paola
Chief Technology Officer, LA/ISO27001
Minded Security Research Labs Director

Minded Security - Application Security Consulting

Official Site: www.mindedsecurity.com

Personal Blog: www.wisec.it/sectou.php

Current thread:

RE: [WEB SECURITY] Re: HTTP Parameter Pollution Martin O'Neal (May 22)
- <Possible follow-ups>
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Martin O'Neal (May 22)
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Stefano Di Paola (May 22)
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Martin O'Neal (May 22)
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Martin O'Neal (May 25)
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Stefano Di Paola (May 25)