Re: [Mod-security-developers] Positive filter modelization proposal
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Positive filter modelization proposal
|
From: Vincent D. <vin...@in...> - 2006-07-12 11:10:09
|
Ivan Ristic wrote: >> Greetings, >> >> Here is a suggestion of XML modelization for an HTTP filter, based on a >> positive model (ie, not blacklisting known attacks, but rather accepting >> only known, validated good requests). This model is heavily inspired >> from Ivan's publication of november 2005. > > I am somewhat confused. You took my work, changed it heavily, and > now you are sending it back to me as your proposal. Wouldn't it > have been better to point to the inefficiencies of my work so that > we can improve it through discussion? Yes, it would have been better, and I am sorry we couldn't. As I thought I mentionned in former private emails, we had to work in big hurry on the project, and we had to discuss the model internally in order to get something we could use quickly. That is why we didn't have that normal exchange, that I agree would have been much better for everyone. Though, I think we have advanced, and I hope you can agree on some points that we have changed from your initial proposal. How do you want us to work for the better? We can try to provide comments about all changes we made, and why we did, in order to open a discussion. PS : sorry I am destroying the thread this was started in ; for some reason I did not receive your answer, even though I am subscribed to the mailing list. I had to paste it from archives to write this answer. |
