
> and may in fact be a symptom of deeper string-validation issues

It may also be a sign that there's a very early filtering stage that drops requests at a very remote edge, which is a very good thing to do. See [0]; basically, you configure your server to completely drop requests that contain any character that has any possibility of being suspicious.

[0] http://twiki.org/p/pub/Support/ConfigureFailsOnNext/mod_secu...




I think you meant to post in a different thread?


It's a response to the "Big List of Naughty Strings" article, linked from the Every Programmer Should Know List.



