
Re: [cobalt-users] 250 site limit URGENT HELP REQUIRED



I guess you do what you prefer.

----- Original Message -----
From: "Jens Kristian Søgaard" <jens@xxxxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, October 11, 2000 11:38 AM
Subject: Re: [cobalt-users] 250 site limit URGENT HELP REQUIRED


> "Mike Fritsch" <mfritsch@xxxxxxxxxxxx> writes:
>
> > ereg() and verify EVERY input from your users make sure EVERYTHING is
> > compatible and work, can't bug down the server
>
> No, that's really not the best way to do it.
>
> Besides that ereg() is a very slow function, it is also a general rule
> in security to use "positive" lists, and not "negative" lists.
>
> I.e. say "The user may enter A, B or C here".
>
> Not "The user may NOT enter XYZ here".
>
> > use encryption and a database backend...
>
> Encryption is not a solution to all problems.
>
>
> BTW: I would recommend you all to read Bruce Schneier's new book
> "Secrets and Lies". It gives even "business-types" a great
> introduction to Digital Security.
>
>
> --
> Jens Kristian Søgaard, Mermaid Consulting I/S,
> jens@xxxxxxxxxxxxxxxxxxxx,
> http://www.mermaidconsulting.com/
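
The positive-list rule quoted above, as an added PHP example that is not from the thread or its participants. The field names (`plan`, `username`, `quota_mb`), their rules, the negative list and the sample inputs are assumptions constructed for illustration; `preg_match()` is used because `ereg()` was removed in PHP 7.

```php
<?php
// Added illustration: field names, rules and samples are constructed assumptions.

// Negative list: "The user may NOT enter XYZ here".
function denylist_ok(string $value): bool
{
    foreach (['<', '>', ';', '|', '..'] as $bad) {
        if (strpos($value, $bad) !== false) {
            return false;
        }
    }
    return true; // everything nobody thought to list is accepted
}

// Positive list: "The user may enter A, B or C here".
function allowlist_ok(string $field, string $value): bool
{
    switch ($field) {
        case 'plan':     // fixed set of choices, strict comparison
            return in_array($value, ['A', 'B', 'C'], true);
        case 'username': // one lowercase letter, then 2-15 letters or digits
            // \A and \z anchor the whole string; "$" would allow a trailing newline
            return preg_match('/\A[a-z][a-z0-9]{2,15}\z/', $value) === 1;
        case 'quota_mb': // digits only, then a range check
            return preg_match('/\A[0-9]{1,4}\z/', $value) === 1
                && (int)$value >= 1 && (int)$value <= 5000;
        default:         // a field with no rule is rejected, not passed through
            return false;
    }
}

// Constructed sample inputs: [field, value].
$samples = [
    ['plan', 'B'],
    ['plan', 'D'],
    ['username', 'mike'],
    ['username', "mike\n"],
    ['username', 'mike smith'],
    ['quota_mb', '250'],
    ['quota_mb', '-1'],
    ['color', 'red'],
];

foreach ($samples as [$field, $value]) {
    printf("%-9s %-14s denylist=%-6s allowlist=%s\n", $field, json_encode($value),
        denylist_ok($value) ? 'pass' : 'reject',
        allowlist_ok($field, $value) ? 'pass' : 'reject');
}
```

The negative list passes all eight samples; the positive list passes only `B`, `mike` and `250`.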