On Mon, Mar 12, 2012 at 5:08 PM, Richard Lynch <c...@l-i-e.com> wrote:
> On Tue, March 6, 2012 3:30 am, Florian Anderiasch wrote: > > Security by blacklist almost always isn't security... > > You're bound to miss one of the functions you should have blacklisted, > but didn't. > Agreed. The approach I'm developing would be a whitelisting approach. > Something like Drupal would be crippled by this because major > extensions used by all rely on access that would probably want to be > blocked. > > So then they'd have to come up with a "blessed" list of extension to > not block, and then... > The idea would be to make it easy to add to the default whitelist per include. Nice idea, in the abstract, but I don't think it will work out to be > very useful in the Real World (tm). I'm working on documenting the ideas and refining the approach. I think it will hold significant value, but a few years ago I also thought that WebOS would become a major player in the mobile market :) Adam P.S. - Thankful to see that your recent update on your medical prognosis, Richard.
