From: listsnotatla.demon.co.uk
Date: Tue Jun 26 2001 - 23:54:36 CDT

    From: aleph1securityfocus.com

    > We have all heard the old security principle of not filtering out
    > known bad input but filtering in known good input, but I've never heard
    > it "named" like we name the "principle of least privilege". Do you know
    > of any such name? I am thinking of simply christening the principle of
    > inclusion.

    > I am defining it as: The principle of inclusion tells us that when
    > performing input validation for security purposes we should not
    > define what is considered invalid input and refuse any
    > input that matches this definition, since our definition of what
    > is invalid may not be complete, and that instead we should define what
    > is considered valid input and refuse any input that does not match
    > this definition.

    Tanenbaum says in "Operating Systems Design and Implementation"
        Second, the default should be no access. Errors in which legitimate
        access is refused will be reported much faster than errors in which
        unauthorised access is allowed.

    This input validation question seems to me to be a special case of the above
    and could be called the default-deny principle.
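
The contrast discussed in this message, as an added example that is not part of the original post: one file-name check written as "filter out known bad" and one as "filter in known good", run over constructed inputs. The policies, names and sample values are assumptions chosen for illustration; the output separates each policy's silent errors (wrongly accepted) from its loud ones (wrongly refused).

```python
import re

# Hypothetical policies for an upload file name (assumptions, not from the post).
KNOWN_BAD = ("/", "\\", "..", ";", "|", "&", "<", ">")
KNOWN_GOOD = re.compile(r"[a-z0-9][a-z0-9_-]{0,30}\.(txt|csv)")

def denylist_accepts(name):
    """Default allow: accept unless the input matches something known bad."""
    return not any(bad in name for bad in KNOWN_BAD)

def allowlist_accepts(name):
    """Default deny: refuse unless the whole input matches the definition."""
    return KNOWN_GOOD.fullmatch(name) is not None

# Constructed samples: (input, whether the operator actually wants it accepted).
SAMPLES = [
    ("report.txt", True),
    ("q3_totals.csv", True),
    ("Q3 Totals.csv", True),       # legitimate, but outside the allowlist
    ("a;b.txt", False),            # anticipated by the denylist author
    ("report.txt\n", False),       # control character nobody listed
    ("report\x00.txt", False),     # NUL byte nobody listed
    ("\uff52eport.txt", False),    # fullwidth 'r', not ASCII
]

def errors(accepts):
    """Split a policy's mistakes into silent and loud ones."""
    false_accepts = [n for n, wanted in SAMPLES if accepts(n) and not wanted]
    false_rejects = [n for n, wanted in SAMPLES if not accepts(n) and wanted]
    return false_accepts, false_rejects

if __name__ == "__main__":
    for label, policy in (("denylist", denylist_accepts),
                          ("allowlist", allowlist_accepts)):
        fa, fr = errors(policy)
        print(f"{label}: wrongly accepted {fa!r}, wrongly refused {fr!r}")
```

The denylist's mistakes are all inputs it let through without anyone noticing, while the allowlist's only mistake is a refusal that a legitimate user would report.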