On 28 Nov 2011, at 00:37, Stefan Fritsch wrote: > Hi, > > while browsing a bit through Michael Zalewski's new Tangled Web book, > I was reminded again that we are very forgiving about what we accept > as a request. Is this really a good idea in the time of lots of web > security issues?
Sounds like you're thinking of something like mod_taint[1] plus a default ruleset to ship it with? [1] http://people.apache.org/~niq/mod_taint.html -- Nick Kew