[nycphp-talk] "The Web is broken and it's all your fault."
Chris Shiflett
shiflett at php.net
Wed Sep 20 04:11:25 EDT 2006
Anirudh Zala wrote:
> Your point is valid. But if you fully read my first reply to
> this thread, You could figure out that my suggestions about
> minimizing security threats are to take precautions from all
> possible areas.
You're describing defense in depth, the use of redundant safeguards.
This is a valuable practice, but I want to stress that client-side
filtering has zero security value. Zero.
It cannot be considered a defense in depth mechanism and has no place in
a discussion about security.
Chris
--
Chris Shiflett
Principal, OmniTI
http://omniti.com/
More information about the talk
mailing list