Re: [PHP] Question about a security function

2010-05-21 Thread Al
On 5/21/2010 10:36 AM, Jim Lucas wrote: Al wrote: On 5/21/2010 9:24 AM, David Otton wrote: On 20 May 2010 16:51, Al wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the b

Re: [PHP] Question about a security function

2010-05-21 Thread Jim Lucas
Al wrote: > > > On 5/21/2010 9:24 AM, David Otton wrote: >> On 20 May 2010 16:51, Al wrote: >> >>> I'm not being clear. First pass is thru the blacklist, which effectually >>> tells hacker to not bother and totally deletes the entry. >>> >>> If the raw entry gets past the blacklist, it must then

Re: [PHP] Question about a security function

2010-05-21 Thread Al
On 5/21/2010 9:21 AM, Ashley Sheridan wrote: On Fri, 2010-05-21 at 14:24 +0100, David Otton wrote: On 20 May 2010 16:51, Al wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past

Re: [PHP] Question about a security function

2010-05-21 Thread David Otton
On 21 May 2010 14:21, Ashley Sheridan wrote: > I still think you might be better off using BBCode, which is used on > websites just for this very purpose. When any input comes back, you can > remove all the HTML completely and replace the BBCode tags that you > allow. This should guarantee that t

Re: [PHP] Question about a security function

2010-05-21 Thread Al
On 5/21/2010 9:24 AM, David Otton wrote: On 20 May 2010 16:51, Al wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags.

Re: [PHP] Question about a security function

2010-05-21 Thread Ashley Sheridan
On Fri, 2010-05-21 at 14:24 +0100, David Otton wrote: > On 20 May 2010 16:51, Al wrote: > > > I'm not being clear. First pass is thru the blacklist, which effectually > > tells hacker to not bother and totally deletes the entry. > > > > If the raw entry gets past the blacklist, it must then only

Re: [PHP] Question about a security function

2010-05-21 Thread David Otton
On 20 May 2010 16:51, Al wrote: > I'm not being clear. First pass is thru the blacklist, which effectually > tells hacker to not bother and totally deletes the entry. > > If the raw entry gets past the blacklist, it must then only contain my > whitelist tags. e.g., the two examples you cited were

Re: [PHP] Question about a security function

2010-05-20 Thread Al
On 5/20/2010 12:43 PM, Ashley Sheridan wrote: On Thu, 2010-05-20 at 12:40 -0400, Al wrote: On 5/20/2010 12:02 PM, Jim Lucas wrote: Al wrote: On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Al wrote: I agree blacklisting is a flawed approach in general. My approach i

Re: [PHP] Question about a security function

2010-05-20 Thread Ashley Sheridan
On Thu, 2010-05-20 at 12:40 -0400, Al wrote: > > On 5/20/2010 12:02 PM, Jim Lucas wrote: > > Al wrote: > >> > >> > >> On 5/20/2010 11:23 AM, David Otton wrote: > >>> On 20 May 2010 15:52, Al wrote: > >>> > I agree blacklisting is a flawed approach in general. My approach is to > stric

Re: [PHP] Question about a security function

2010-05-20 Thread Al
On 5/20/2010 12:02 PM, Jim Lucas wrote: Al wrote: On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Al wrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not

Re: [PHP] Question about a security function

2010-05-20 Thread Jim Lucas
Al wrote: > > > On 5/20/2010 11:23 AM, David Otton wrote: >> On 20 May 2010 15:52, Al wrote: >> >>> I agree blacklisting is a flawed approach in general. My approach is to >>> strictly confine entry text to a whitelist of benign, acceptable >>> tags. The >> >> But that's not what you've done. Yo

Re: [PHP] Question about a security function

2010-05-20 Thread Ashley Sheridan
On Thu, 2010-05-20 at 11:51 -0400, Al wrote: > > On 5/20/2010 11:23 AM, David Otton wrote: > > On 20 May 2010 15:52, Al wrote: > > > >> I agree blacklisting is a flawed approach in general. My approach is to > >> strictly confine entry text to a whitelist of benign, acceptable tags. The > > > >

Re: [PHP] Question about a security function

2010-05-20 Thread Al
On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Al wrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following pat

Re: [PHP] Question about a security function

2010-05-20 Thread David Otton
On 20 May 2010 15:52, Al wrote: > I agree blacklisting is a flawed approach in general. My approach is to > strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: "\ would sail straight through tha

Re: [PHP] Question about a security function

2010-05-20 Thread Al
On 5/20/2010 10:07 AM, Ashley Sheridan wrote: On Thu, 2010-05-20 at 14:27 +0100, David Otton wrote: On 20 May 2010 13:53, Al wrote: I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can

Re: [PHP] Question about a security function

2010-05-20 Thread Ashley Sheridan
On Thu, 2010-05-20 at 14:27 +0100, David Otton wrote: > On 20 May 2010 13:53, Al wrote: > > > > I have a password-protected, user, on-line editor that I'm hardening against > > hackers just in case a user's pw is stolen or local PC is infected. > > > > The user can enter html tags; but, I restric

Re: [PHP] Question about a security function

2010-05-20 Thread David Otton
On 20 May 2010 13:53, Al wrote: > > I have a password-protected, user, on-line editor that I'm hardening against > hackers just in case a user's pw is stolen or local PC is infected. > > The user can enter html tags; but, I restrict the acceptable tags to benign > ones. e.g., , , , etc. e.g., no

Re: [PHP] Question about a security function

2010-05-20 Thread Peter Lind
On 20 May 2010 14:53, Al wrote: > I have a password-protected, user, on-line editor that I'm hardening against > hackers just in case a user's pw is stolen or local PC is infected. > > The user can enter html tags; but, I restrict the acceptable tags to benign > ones. e.g., , , , etc. e.g., no >

[PHP] Question about a security function

2010-05-20 Thread Al
I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g., , , , etc. e.g., no Just to be extra safe, I've added a fun