Elias,

> I am defining it as: The principle of inclusion tells us that when
> performing input validation for security purposes we should not
> define what is considered invalid input and refuse any
> input that matches this definition, since our definition of what
> is invalid may not be complete, and that instead we should define what
> is considered valid input and refuse any input that does not match
> this definition.

To me, the way your definition reads, it may sound better calling it the 'Principle of Exclusion' or 'Principle of Validation Exclusion', as you are defining what is to be refused or excluded from the valid set.

Just my thoughts...
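
The two approaches contrasted in the quoted definition, side by side, as an added example that is not part of the original thread. The patterns, function names and sample inputs are constructed for illustration and assume a short ASCII identifier field.

```python
import re

# Approach 1: define what is INVALID and refuse anything that matches.
# This list is constructed for illustration and, as the quoted definition
# warns, cannot be assumed complete.
DENY_PATTERN = re.compile(r"[;|&<>'\"]|\.\./")

# Approach 2: define what is VALID and refuse everything else.
# Assumed policy: 1-32 characters, ASCII letters, digits, '_', '.', '-',
# and the first character must be alphanumeric.
ALLOW_PATTERN = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,31}")


def deny_list_accepts(value: str) -> bool:
    """Accept unless the value contains something on the invalid list."""
    return DENY_PATTERN.search(value) is None


def allow_list_accepts(value: str) -> bool:
    """Accept only if the whole value matches the valid definition.

    fullmatch() is used so that a trailing newline or any other suffix
    cannot ride along after an otherwise valid prefix.
    """
    return ALLOW_PATTERN.fullmatch(value) is not None


# Constructed sample inputs.
SAMPLES = [
    "report_2001.txt",   # ordinary value, valid under both definitions
    "notes;extra",       # ';' is on the invalid list
    "line\nbreak",       # newline was never listed as invalid
    "name\x00.txt",      # NUL byte was never listed as invalid
    "back`tick`",        # backtick was never listed as invalid
    "..\\up",            # only the forward-slash form was listed
    "",                  # empty value matches no invalid pattern
    "a" * 500,           # length was never considered
]


def compare(samples):
    """Return the inputs the invalid list lets through but the valid definition refuses."""
    return [s for s in samples
            if deny_list_accepts(s) and not allow_list_accepts(s)]


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s[:20]!r:26} invalid-list accepts={deny_list_accepts(s)!s:5} "
              f"valid-definition accepts={allow_list_accepts(s)}")
    print("inputs only the valid definition refuses:", len(compare(SAMPLES)))
```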
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 09:30:39 PDT