Article:   Introducing mod_security
Subject:   bad application design shouldn't drive new development
Date:   2003-12-08 06:08:02
From:   anonymous2
Response to: bad application design shouldn't drive new development

I'd rather dump an app that passes SQL queries as GET/POST parameters rather than try to protect exploiting that... who knows how many other bugs are in it.


As for canonizing paths, a better approach would be to reject these with HTTP 500. I actually do that in the apps in a more user-friendly way, but if I don't have the source for something I'd rather show my visitors an HTTP 500 page.