Chris,

I was clearly not arguing in favor of ignorance, or that it's a valid method of security. Please re-read my messages.

-Matt

----- Original Message -----
From: "Chris Shiflett" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "Zend Framework General" <[email protected]>
Sent: Sunday, March 25, 2007 7:31 AM
Subject: Re: [fw-general] Zend_Filter_Input...


Matthew Ratzloff wrote:
Well, my point was that because any of those can be manipulated
(POST, GET, COOKIE, etc.), selecting from a specific source can
lead to a false sense of added security.

The idea that ignorance promotes security is fundamentally flawed.
Pádraic clearly understands the risks associated with this perspective.

In addition, this approach works against the HTTP spec, eroding the
important distinction between GET and POST requests.

Chris
