From: Steve S. <sj...@Ju...> - 2002-06-23 15:47:11
At 03:28 PM 6/21/2002 -0700, you wrote:
>You know I am far from an expert on this in any shape or form, but if I
>were doing this (and this may already be assumed in another mail
>thread) before solving that problem I would first define a system that
>allows the developer to specify a small set of valid input chars and
>reject everything else at the boundary. It's pretty damn hard to run SQL
>injection, XSS etc. anywhere if you only allow A-Z ASCII as input.

A-Z
a-z
0-9
- (dash)
_ (underscore)
space (ASCII 32)

I *think* we're safe with those characters...

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
"In a 32-bit world, you're a 2-bit user/You've got your own newsgroup:
alt.total.loser" - "Weird Al" Yankovic, "It's All About the Pentiums"
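The boundary allowlist described in the exchange above, written out as a worked example (this is added code, not anything posted to the thread): it accepts exactly the six character classes Steve lists (A-Z, a-z, 0-9, dash, underscore, ASCII 32) and rejects everything else before the value reaches a query or a page. The sample field values are constructed for the demonstration. The block also shows a common implementation slip that practitioners check for: a `^...$` pattern used with `re.match` silently accepts a trailing newline, whereas `re.fullmatch` does not.

```python
import re
import string

# The allowlist from the thread: letters, digits, dash, underscore, space.
ALLOWED_CHARS = frozenset(string.ascii_letters + string.digits + "-_ ")

# Anchored pattern over the same set. Dash is placed last in the class so it
# is a literal and not a range operator.
ALLOWED_RE = re.compile(r"[A-Za-z0-9_ -]*")

# Pitfall pattern: '$' in a non-MULTILINE regex also matches just before a
# final newline, so re.match accepts "abc\n". Kept here only for comparison.
NAIVE_RE = re.compile(r"^[A-Za-z0-9_ -]*$")


def is_allowed(value: str) -> bool:
    """True only if every character of `value` is in the allowlist."""
    return ALLOWED_RE.fullmatch(value) is not None


def naive_is_allowed(value: str) -> bool:
    """The ^...$ / re.match variant; wrongly accepts a trailing newline."""
    return NAIVE_RE.match(value) is not None


def offending_chars(value: str) -> list[str]:
    """Sorted list of the distinct characters that fall outside the allowlist."""
    return sorted({c for c in value if c not in ALLOWED_CHARS})


def validate_fields(fields: dict[str, str]) -> dict[str, list[str]]:
    """Check every field of a submitted form at the boundary.

    Returns a mapping of field name -> offending characters for each field
    that must be rejected. An empty dict means the whole submission passed.
    """
    rejected = {}
    for name, value in fields.items():
        bad = offending_chars(value)
        if bad:
            rejected[name] = bad
    return rejected


# Constructed sample submission (hypothetical field names and values).
SAMPLE_FORM = {
    "username": "alice_01",                 # passes
    "city": "Mentor On The Lake",           # passes: spaces are allowed
    "surname": "O'Brien",                   # rejected: apostrophe
    "comment": "hello\tworld",              # rejected: tab is not ASCII 32
    "nickname": "naïve",                    # rejected: non-ASCII letter
}

if __name__ == "__main__":
    for field, bad in validate_fields(SAMPLE_FORM).items():
        print(f"reject {field!r}: disallowed characters {bad!r}")
    print("fullmatch on 'abc\\n':", is_allowed("abc\n"))        # False
    print("^...$ + match on 'abc\\n':", naive_is_allowed("abc\n"))  # True
```

Two things the code makes visible that the list of characters alone does not. First, the cost of a tight allowlist lands on legitimate data: "O'Brien" and "naïve" are rejected along with anything hostile, so the set has to be chosen per field rather than once for the whole application. Second, the allowlist is a boundary filter, not a substitute for parameterised queries or output encoding: it still admits the two-character sequence `--`, for example, so the layers behind it must not assume the input is safe to splice into a statement.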