George Capehart wrote:
Yvan Boily wrote:
Hi George,
I think a much more eloquent form of what you are saying is that
validation must be performed each time data crosses a security
boundary.
Hello Yvan,
I absolutely agree. Wish I'd said it myself . . . :)
In other words, it's just Javascript. Do your coding securely. I don't
like the big buzz. This is nothing new.
The challenge is in helping people to understand what a security boundary is.
Errrmmmmmm. Into understatement these days, eh? :)
I wish I had a good Yoda quote right now, but all I can come up with is
Terry Goodkind, which I feel very ashamed of.
Gadi.
--
http://blogs.securiteam.com/
"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
