On 19 Mar 2010, at 01:24, silky <[email protected]> wrote:
Yeah, but there are obviously implementation issues and training issues there. Complexity leads to errors.
There's a balance point somewhere, you're just moving the complexity. Depends on how far you take the abstraction.
I would argue that the HTTP and HTML specs are quite simple and if one took the time to understand the basics, all the 'complexities' would be less complex.
After all, you can browse the web using telnet to port 80 (unless the web site uses webforms, with all the jiggery pokery of dopostback(), etc) or it's SSL. :)
You did mention training, and yes it's a prerequisite for anything beyond eating, sleeping, etc. Surely?
It's not so simple. OWASP puts out a thing like that OWASP ESAPI; but does anyone use it? Or know of it? Or trust it?
No. Yes. Possibly.
-- silky http://www.programmingbranch.com/
