Daily Archives: March 2, 2007

Filtering for security

I’ve never promoted my filter modules for security applications, but I’ve had it in mind for years.

Then last November, I published a review of Apache security books.  One of those books devotes a full chapter to a case study involving a deeply buggy application, and using filters to protect it.  But the solution presented in the book is almost as scary as the application it’s protecting.  So, I’ve taken that as a cue for an article “Filtering against information disclosure” at ApacheTutor.

Of course, input filters play the most important role in security, whereas this article deals solely with output filters.  So there’s scope to write a lot more!