RE: [fw-wiz] preventing XSS and SQL injection?
From: Behm, Jeffrey L. (BehmJL_at_bvsg.com)
Date: 06/02/05
- Previous message: J. Oquendo: "Re: [fw-wiz] preventing XSS and SQL injection?"
- Maybe in reply to: ArkanoiD: "[fw-wiz] preventing XSS and SQL injection?"
- Next in thread: J. Oquendo: "Re: [fw-wiz] preventing XSS and SQL injection?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <ark@eltex.net>, "Marcus J. Ranum" <mjr@ranum.com>
Date: Thu, 2 Jun 2005 14:37:01 -0500
But adding all legitimate traffic patterns would seem to be a less difficult task than trying to add all known (and unknown) bad patterns. You seem to have hit the nail on Marcus' proverbial head with regard to the point he seems to me to be trying to make regarding "permit only what is good."
On Thursday, June 02, 2005 1:58 PM, ArkanoiD spake:
>It is ok when securing server traffic, but becomes extremely difficult when it
>comes to client proxy, because there are too many legitimate traffic patterns to add :-(
>
>On Thu, Jun 02, 2005 at 03:03:36PM -0400, Marcus J. Ranum wrote:
>> ArkanoiD wrote:
>> >Are there any hints on preventing cross-site scripting attacks and
>> >SQL injection on proxy firewall by, say, applying some regexps on url data?
>>
>> Instead of trying to block what is bad, permit only what is good.
>>
>> Can you observe your legitimate traffic and converge forward
>> on a set of regexps that define what "good" looks like? Then
>> deny all else. You might be able to do that in a fairly straightforward
>> manner using Squid proxy cache ACLs.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
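As an added illustration of the "permit only what is good" approach the thread is discussing (example code written for this archive page, not code from the list participants or from the Squid project): the script below learns an allow-list from a constructed sample of legitimate URLs, converging forward on one anchored regex per known path in which every parameter name is known and every value is confined to the narrowest character class observed for it. It then renders those patterns as Squid url_regex ACL lines and checks candidate requests against them. The site name, sample URLs, the three value classes and their maximum lengths are all assumptions; anything in observed traffic that fits no class is raised for manual review rather than silently widening the list to "anything".

```python
import re

# Value classes, narrowest first, written in POSIX-ERE-safe syntax so the
# generated patterns also work as Squid url_regex ACLs. Learning widens a
# parameter's class only as far as observed legitimate values require.
# The classes and their lengths are assumptions for this example.
CLASSES = [
    ("digits", r"[0-9]{1,10}"),
    ("alnum",  r"[A-Za-z0-9]{1,64}"),
    ("token",  r"[A-Za-z0-9+_.-]{1,128}"),
]
NAME_RE = r"[A-Za-z0-9_]{1,32}"

# Constructed sample of observed legitimate traffic for a hypothetical site.
OBSERVED = [
    "http://shop.example/catalog/item?id=1042&sort=price",
    "http://shop.example/catalog/item?id=77",
    "http://shop.example/search?q=blue+widgets&page=2",
    "http://shop.example/search?q=lamp",
    "http://shop.example/static/css/site.css",
]


def split_url(url):
    """Split a URL into (base, [(name, value), ...]) without decoding,
    so the learned classes describe the bytes the proxy actually sees."""
    base, _, query = url.partition("?")
    pairs = []
    if query:
        for part in query.split("&"):
            name, _, value = part.partition("=")
            pairs.append((name, value))
    return base, pairs


def classify(value):
    """Index of the narrowest class matching value, or None if no class fits."""
    for i, (_, pattern) in enumerate(CLASSES):
        if re.fullmatch(pattern, value):
            return i
    return None


def learn(observed):
    """Return {base_url: {param_name: class_index}} from legitimate URLs.
    Anything that fits no class is raised for manual review instead of
    silently widening the allow-list."""
    rules = {}
    for url in observed:
        base, pairs = split_url(url)
        params = rules.setdefault(base, {})
        for name, value in pairs:
            cls = classify(value)
            if cls is None or not re.fullmatch(NAME_RE, name):
                raise ValueError(f"review manually, fits no class: {url}")
            params[name] = max(params.get(name, 0), cls)
    return rules


def to_regexes(rules):
    """One anchored regex per base URL: known path, known parameter names,
    each value confined to its learned class, parameters in any order."""
    out = []
    for base, params in sorted(rules.items()):
        head = "^" + re.escape(base)
        if not params:
            out.append(head + "$")
            continue
        pair = "|".join(f"{re.escape(n)}={CLASSES[c][1]}"
                        for n, c in sorted(params.items()))
        out.append(f"{head}(\\?({pair})(&({pair}))*)?$")
    return out


def squid_acl(regexes, name="allowed_urls"):
    """Render the allow-list as squid.conf lines: permit matches, deny the rest."""
    lines = [f"acl {name} url_regex {r}" for r in regexes]
    lines += [f"http_access allow {name}", "http_access deny all"]
    return "\n".join(lines)


def is_allowed(url, regexes):
    """Positive model: a request passes only if some 'good' pattern matches it."""
    return any(re.fullmatch(r, url) for r in regexes)


ALLOW = to_regexes(learn(OBSERVED))

if __name__ == "__main__":
    print(squid_acl(ALLOW))
    for u in [
        "http://shop.example/catalog/item?id=12&sort=name",
        "http://shop.example/catalog/item?id=12'%20OR%201=1--",
        "http://shop.example/search?q=<script>alert(1)</script>",
        "http://shop.example/catalog/item?id=12&debug=1",
        "http://shop.example/admin",
    ]:
        print("ALLOW" if is_allowed(u, ALLOW) else "DENY ", u)
```

The SQL-injection and script-tag probes are rejected not because anything recognised them as attacks but because a quote mark, angle bracket or unknown parameter name simply has no place in the learned "good" patterns; an unknown path is denied for the same reason. The generator sticks to bracket classes and `{m,n}` repeats rather than `\d` so the same lines are valid in Squid's POSIX regex dialect. Two caveats a practitioner would want: matching on the URL alone says nothing about POST bodies, cookies or headers, and the list must be re-learned and reviewed whenever the application changes, since a new legitimate parameter is denied until it is added.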