[nycphp-talk] "The Web is broken and it's all your fault."

Chris Shiflett shiflett at php.net
Wed Sep 20 04:11:25 EDT 2006


Anirudh Zala wrote:
> Your point is valid. But if you fully read my first reply to
> this thread, you could figure out that my suggestions about
> minimizing security threats are to take precautions from all
> possible areas.

You're describing defense in depth, the use of redundant safeguards.
This is a valuable practice, but I want to stress that client-side
filtering has zero security value. Zero.

It cannot be considered a defense in depth mechanism and has no place in
a discussion about security.

Chris

-- 
Chris Shiflett
Principal, OmniTI
http://omniti.com/


