On 28 Nov 2011, at 00:37, Stefan Fritsch wrote:

> Hi,
> 
> while browsing a bit through Michael Zalewski's new Tangled Web book, 
> I was reminded again that we are very forgiving about what we accept 
> as a request. Is this really a good idea in the time of lots of web 
> security issues?

Sounds like you're thinking of something like mod_taint[1] plus a default
ruleset to ship it with?

[1] http://people.apache.org/~niq/mod_taint.html

-- 
Nick Kew

Reply via email to