Re: [fw-wiz] preventing XSS and SQL injection?
From: ArkanoiD (ark_at_eltex.net)
Date: 06/02/05
To: "Marcus J. Ranum" <mjr@ranum.com>
Date: Thu, 2 Jun 2005 22:58:12 +0400
It is OK when securing server traffic, but becomes extremely difficult when it
comes to a client proxy, because there are too many legitimate traffic patterns to add :-(
On Thu, Jun 02, 2005 at 03:03:36PM -0400, Marcus J. Ranum wrote:
> ArkanoiD wrote:
> >Are there any hints on preventing cross-site scripting attacks and
> >SQL injection on proxy firewall by, say, applying some regexps on url data?
>
> Instead of trying to block what is bad, permit only what is good.
>
> Can you observe your legitimate traffic and converge forward
> on a set of regexps that define what "good" looks like? Then
> deny all else. You might be able to do that in a fairly straightforward
> manner using Squid proxy cache ACLs.
>
> mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
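
The "permit only what is good, deny all else" approach from the quoted reply, applied to the server-traffic case, as an added example that is not part of the original thread. The host `shop.example`, the paths, the parameter names and the sample requests are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed allowlist for one hypothetical protected server:
# exact path -> {parameter name: pattern the whole decoded value must match}.
ALLOWED = {
    "/": {},
    "/catalog/item": {"id": re.compile(r"[0-9]{1,9}")},
    "/search": {
        "q": re.compile(r"[A-Za-z0-9 ._-]{1,64}"),
        "page": re.compile(r"[0-9]{1,4}"),
    },
}

def permit(url):
    """Return (allowed, reason); anything not explicitly described is denied."""
    parts = urlsplit(url)
    rules = ALLOWED.get(parts.path)  # raw path, so encoded variants fail closed
    if rules is None:
        return False, "unknown path"
    try:
        # parse_qsl percent-decodes, so patterns see the value the application would
        pairs = parse_qsl(parts.query, keep_blank_values=True,
                          strict_parsing=bool(parts.query))
    except ValueError:
        return False, "malformed query"
    seen = set()
    for name, value in pairs:
        if name in seen:
            return False, "duplicate parameter"
        seen.add(name)
        rule = rules.get(name)
        if rule is None:
            return False, "unknown parameter"
        if not rule.fullmatch(value):
            return False, "value outside allowed pattern"
    return True, "ok"

# Constructed sample requests (not taken from the thread).
SAMPLES = [
    "http://shop.example/search?q=red+shoes&page=2",
    "http://shop.example/catalog/item?id=1%27%20OR%20%271%27%3D%271",
    "http://shop.example/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "http://shop.example/search?q=shoes&debug=1",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(permit(url), url)
```

Nothing in the rules names an attack pattern: the injection and script samples are refused only because they fall outside the description of legitimate traffic.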