From: aleph1at_private

> We have all heard the old security principle of not filtering out
> known bad input but filtering in known good input, but I've never heard
> it "named" like we name the "principle of least privilege". Do you know
> of any such name? I am thinking of simply christening the principle of
> inclusion.
>
> I am defining it as: The principle of inclusion tells us that when
> performing input validation for security purposes we should not
> define what is considered invalid input and refuse any
> input that matches this definition, since our definition of what
> is invalid may not be complete, and that instead we should define what
> is considered valid input and refuse any input that does not match
> this definition.

Tanenbaum says in "Operating Systems Design and Implementation":

    Second, the default should be no access. Errors in which legitimate
    access is refused will be reported much faster than errors in which
    unauthorised access is allowed.

This input validation question seems to me to be a special case of the
above and could be called the default-deny principle.
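As an added illustration (not part of the original post), here are the two validators the thread contrasts, in Python: a denylist that refuses only known-bad patterns beside an allowlist that refuses everything outside an explicit definition of valid. The username rule, the denylist contents and the sample inputs are constructed assumptions of mine, chosen to show both Tanenbaum's point (the allowlist's mistakes are loud, the denylist's are silent).

```python
import re

# Denylist ("filter out known bad"): reject only the patterns someone
# thought of. Constructed for this example; like every such list, it is
# incomplete by construction.
DENYLIST = re.compile(r"[;'\"<>|&]|\.\./")

def denylist_valid(username: str) -> bool:
    """Accept anything that does not match a known-bad pattern."""
    return DENYLIST.search(username) is None

# Allowlist / default-deny ("filter in known good"): state exactly what a
# valid username looks like and refuse everything else. The rule itself
# (lowercase start, 3 to 32 chars of [a-z0-9_]) is an assumed policy.
ALLOWLIST = re.compile(r"\A[a-z][a-z0-9_]{2,31}\Z")

def allowlist_valid(username: str) -> bool:
    """Accept only strings that fully match the definition of valid."""
    return ALLOWLIST.fullmatch(username) is not None

def compare(samples):
    """Return {sample: (denylist_result, allowlist_result)}."""
    return {s: (denylist_valid(s), allowlist_valid(s)) for s in samples}

# Constructed inputs. The last three are not "known bad" to the denylist
# yet are clearly not usernames; default-deny refuses them without anyone
# having anticipated them. "jean-luc" is a legitimate name the allowlist
# is too strict for: that failure gets reported by the user, which is the
# asymmetry Tanenbaum describes.
SAMPLES = [
    "alice",          # legitimate: both accept
    "bob_99",         # legitimate: both accept
    "jean-luc",       # legitimate but outside policy: allowlist refuses
    "eve;drop",       # known bad: both refuse
    "ann\n",          # trailing newline: slips past the denylist
    "Ad\u0000min",    # embedded NUL: slips past the denylist
    "x" * 200,        # oversized: slips past the denylist
]

if __name__ == "__main__":
    for s, (deny, allow) in compare(SAMPLES).items():
        print(f"{s[:12]!r:>16}: denylist={deny!s:5} allowlist={allow}")
```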
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 09:15:31 PDT