Carles Bonamusa wrote:
> Hi Ivan,
>
> Next step in our road-map of improving mod_security is to add some protection
> to html forms. Attached to this mail I've set an initial proposal of our ideas
> of some ways of achieving html forms security. It would be great if you could
> check these ideas out and share your comments/ideas as you kindly did back
> when we discussed cookie management.
Thanks! I'll review it over the weekend and respond by Monday.
> We've also been working on a first approach to comment removal. As far as it
> goes we're having some issues trying to manage tricky situations where
> non-standard markup can fool libxml and so fool our comment stripping code,
> but for the very standard case this new feature is almost coded and tested.
Great!
> By the way, I would like to congratulate you on the work you've done on the
> latest 2.0 version. It is really a huge rewrite that has brought so much
> clarity and readability to ms code, in addition to all new features and the
> ones to come due to brand new ms internal structure.
Thanks. It's been a lot of hard work. But it's something I have planned
for many months. Just FYI there's another bit missing, which I plan
to implement to accommodate your contributions - a framework for ModSecurity
modules. (There's not much work left to do.)
> Last but not least, we expect to be able to port/merge our contributions to
> 2.x branch as soon as I'm back from my holidays and form protection is coded
> and tested.
Excellent. I will do my best to make that happen sooner rather than
later.
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net