Thiago H de Paula Figueiredo wrote:
Would a black list intead of a white list better? I suppose there are less files to hide than files to allow access.
Well, I think that one of the best principle in security is "explicit authorization" : you just do not want that a confidential file is accessible by error, because a user forgot to hide it. But I agree that the white list should authorize jokers to enable "*.jpg" kind of filter (and if you name your confidential file "picture_of_my_secret_weapon.jpg", well, to bad for you ;)

--
Francois Armand
Etudes & Développements J2EE
LINAGORA SA - http://www.linagora.com
Tél.: +33 (0)1 58 18 68 28
-----------
InterLDAP - http://interldap.org FederID - http://www.federid.org/
Open Source identities management and federation


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to