ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button
  Introducing mod_security
Subject:   bad application design shouldn't drive new development
Date:   2003-12-01 02:00:43
From:   ivanr
Response to: bad application design shouldn't drive new development

I agree completely. One should always try to fix/enhance the application and not rely on other security layers, such as mod_security, for protection. I see mod_security as a protection layer operated by people other than original software developers. From their point of view, software is a black box. Their task is to do everything they can to minimize the risk of a security breach. The example you mentioned is, unfortunate as that may be, a representative of a quality of the code widely available today.

1 to 1 of 1
1 to 1 of 1