RE: Principle of Inclusion?

From: Hall, Philip (phallat_private)
Date: Wed Jun 27 2001 - 07:39:32 PDT

Next message: Crispin Cowan: "Re: Principle of Inclusion?"

Previous message: Ken Pfeil: "RE: CDSA-biometrics"
Maybe in reply to: aleph1at_private: "Principle of Inclusion?"
Next in thread: Crispin Cowan: "Re: Principle of Inclusion?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Elias,

>  I am defining it as: The principle of inclusion tells us that when 
>performing input validation for security purposes we should not
>define what is considered invalid input and refuse any
>input that matches this definition, since our definition of what
>is invalid may not be complete, and that instead we should define what
>is considered valid input and refuse any input that does not match
>this definition.

To me, the way your definition reads, it may sound better calling it the
'Principal of Exclusion' or 'Principal of Validation Exclusion' as you
defining what is to be refused or excluded from the valid set.

Just my thoughts...

Next message: Crispin Cowan: "Re: Principle of Inclusion?"
Previous message: Ken Pfeil: "RE: CDSA-biometrics"
Maybe in reply to: aleph1at_private: "Principle of Inclusion?"
Next in thread: Crispin Cowan: "Re: Principle of Inclusion?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 09:30:39 PDT