On Fri, 03 Aug 2007 10:03:37 -0300, Francois Armand <[EMAIL PROTECTED]> wrote:

> Thiago H de Paula Figueiredo wrote:
>> Would a black list instead of a white list be better? I suppose there are
>> fewer files to hide than files to allow access.
> Well, I think that one of the best principles in security is "explicit
> authorization": you just do not want a confidential file to be
> accessible by error, because a user forgot to hide it.

That's a very good point. ;)

> But I agree that the white list should authorize jokers to enable
> "*.jpg" kind of filter (and if you name your confidential file
> "picture_of_my_secret_weapon.jpg", well, too bad for you ;)

Maybe we could allow any .jpg, .gif, .jpg and .css file by default and
explicitly whitelist the rest.

And no, I don't want to see the picture of your secret weapon, whatever it
is. :P
Thiago
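
The trade-off discussed in this thread, as an added example that is not code from either poster or from the project: the same constructed file set is run through a default-allow black list and a default-deny white list with wildcard defaults. All function names, file paths and patterns are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Defaults proposed in the thread, written as glob patterns (assumed syntax).
DEFAULT_ALLOW = ("*.jpg", "*.gif", "*.css")

def matches(path, patterns):
    # Case-sensitive glob match; "*" also spans "/", so "*.jpg" covers any folder.
    return any(fnmatchcase(path, p) for p in patterns)

def allowed_by_blacklist(path, hidden):
    """Default-allow: serve everything unless someone remembered to hide it."""
    return not matches(path, hidden)

def allowed_by_whitelist(path, extra=()):
    """Default-deny: serve only the defaults plus explicitly listed patterns."""
    return matches(path, DEFAULT_ALLOW + tuple(extra))

def exposed(files, decide):
    """Return the sorted list of files that a given policy would serve."""
    return sorted(f for f in files if decide(f))

# Constructed sample: files reachable under a hypothetical asset root.
FILES = [
    "css/site.css",
    "img/logo.gif",
    "img/picture_of_my_secret_weapon.jpg",  # confidential, but named *.jpg
    "conf/hibernate.cfg.xml",               # the admin remembered to hide this
    "conf/payroll.properties",              # added later; no list was updated
    "js/app.js",                            # legitimate, needs an explicit entry
]
HIDDEN = ["conf/*.xml"]   # black list as maintained by the admin
EXTRA = ["js/*.js"]       # explicit white list entries beyond the defaults

if __name__ == "__main__":
    print("black list serves:")
    for f in exposed(FILES, lambda p: allowed_by_blacklist(p, HIDDEN)):
        print("  ", f)
    print("white list serves:")
    for f in exposed(FILES, lambda p: allowed_by_whitelist(p, EXTRA)):
        print("  ", f)
```

The forgotten `conf/payroll.properties` is served only under the black list, while the `.jpg` with the confidential content is served under both policies because the wildcard decides on the name alone.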