> We have all heard the old security principle of not filtering out
> known bad input but filtering in known good input, but I've never heard
> it "named" like we name the "principle of least privilege". Do you know
> of any such name?

It's an instance of what's known as "fail-safe defaults".
(restrictive policies are preferred over permissive policies)

See Saltzer and Schroeder's paper "The Protection of Information
in Computer Systems" for a list of several such principles.
http://web.mit.edu/Saltzer/www/publications/protection/index.html
This particular one appears in Section I.A.3.b.
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 09:17:48 PDT