Article:  |
Introducing mod_security | |
| Subject: | bad application design shouldn't drive new development | |
| Date: | 2003-12-01 02:00:43 | |
| From: | ivanr | |
|
Response to: bad application design shouldn't drive new development
|
||
| I agree completely. One should always try to fix/enhance the application and not rely on other security layers, such as mod_security, for protection. I see mod_security as a protection layer operated by people other than original software developers. From their point of view, software is a black box. Their task is to do everything they can to minimize the risk of a security breach. The example you mentioned is, unfortunate as that may be, a representative of a quality of the code widely available today. | ||
Showing messages 1 through 1 of 1.
As for canonizing paths a better approach would be to reject these with HTTP 500. I actually do that in the apps in a more user friendly way but if I don't have the source for something I'd rather show my visitors a HTTP 500 page.