From: Bob Lee (crazybob_at_crazybob.org)
Date: Thu Aug 08 2002 - 00:40:40 CDT
On 8/7/02 10:02 PM, "Ben Mord" <benmord earthlink.net> wrote:
>> You place safeguards where they are most economically
>> viable,
>
> Yup
>
>> and at this point, putting safeguards on the server is a
>> no-brainer.
>
> This is where you would put them if the server was under attack. But it isn't.
>
> Ben
>
The server is most definitely under attack. The malicious client attacks the
server forcing it to serve malicious content to another client. The only
place this can be stopped is at the server. The target client has absolutely
no way to differentiate a valid script from an invalid one.

HTTP is a client interface just like any other. The application developer
has a responsibility to develop for all possible inputs, including malicious
ones.

Bob