On Thu, 07 Jan 2010 11:36:27 -0200, Andreas Andreou <andy...@di.uoa.gr>
wrote:
> I'm not aware what the OWASP recommendations are. When 2 layers serve
> different goals and one of them is vulnerable, it doesn't make sense to
> protect the other one - that other layer wouldn't even know what to
> protect against since it could interoperate with any kind of back-end.

I guess the recommendations are that one layer cannot take for granted
that the other has done all the needed validations. In other words, each
layer must do the validations related to the input it takes. Andreas is
right when he says that one layer needn't protect another layer, especially
because one doesn't even know how the other is implemented.

--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
and instructor
Owner, software architect and developer, Ars Machina Tecnologia da
Informação Ltda.
http://www.arsmachina.com.br