You see how we're converging on "just use proper input validation", which is the... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on Dec 1, 2010 \| parent \| context \| favorite \| on: Main GNU source repository server compromised You see how we're converging on "just use proper input validation", which is the all-time least useful piece of advice in software security?

Dylan16807 on Dec 2, 2010 [–]

Because input validation is hard to do. A rule to not pass input EVER (outside of parameters), even in a supposedly validated form, is something different.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact