in reply to An important distinction in thread how could i make "them" understand that security IS important ?
you're right. But i wanted to make it short, actually my "client" is a middleware (it intercepts requests from the client and (was filtering them and) forwards them to the server - actually, to a servlet). Data used to be filtered in the servlet, but as this "was slowering down the backend" (sic!) this had been removed, and put in some other object, deep in the code, and the "filtering" is done very late, and only on missing params - not on potentially harmfull chars. That's why i felt like *some* filtering had to be done, maybe not in the right place.
And about the most damaging attack, i totally agree with you.
|