For completeness. sauoq is referring to the practice of whitelisting (specifying what you'll accept) vs. blacklisting (specifying what you'll reject). Whitelisting is generally considered to be preferable because the list of things you know you want is generally easier to specify than the list of things you know you don't want. This is especially true when dealing with untrusted input because you can never know about all the crazy wacked-out $h!t people are going to throw at you, maliciously or stoopidly. (Though, one can argue that stoopidity is a form of negligent maliciousness...)

My criteria for good software:
- Does it work?
- Can someone else come in, make a change, and be reasonably certain no bugs were introduced?
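
An added example, not part of the original post: the same untrusted values run through a blacklist check and a whitelist check, to show which ones the blacklist never anticipated. The field (a short file-style name), the character lists, the function names and the sample values are all assumptions constructed for illustration.

```python
import re

# Hypothetical blacklist: the characters the author remembered to forbid.
BLACKLISTED = set(";|&`$<>'\"\\")

# Hypothetical whitelist: the only shape a valid value may have.
# Explicit ASCII ranges (not \w) so non-ASCII letters are rejected too.
WHITELIST = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")


def blacklist_accepts(value: str) -> bool:
    """Accept anything that contains none of the known-bad characters."""
    return not any(ch in BLACKLISTED for ch in value)


def whitelist_accepts(value: str) -> bool:
    """Accept only values that match the expected shape in full.

    fullmatch() is used instead of match() with '$', because '$' also
    matches just before a trailing newline.
    """
    return WHITELIST.fullmatch(value) is not None


# Constructed sample inputs.
SAMPLES = [
    "report_2024.txt",      # ordinary value
    "a;b",                  # contains a character the blacklist knows
    "../up",                # directory separator, not on the blacklist
    "name\nX-Extra: 1",     # embedded newline
    "file\x00.txt",         # embedded NUL byte
    "",                     # empty string
    "a" * 5000,             # far longer than any real value
    "\uff46\uff49\uff4c\uff45",  # full-width look-alikes of "file"
]


def slipped_through(samples):
    """Values the blacklist accepts but the whitelist rejects."""
    return [v for v in samples
            if blacklist_accepts(v) and not whitelist_accepts(v)]


if __name__ == "__main__":
    for v in SAMPLES:
        print(f"{v[:20]!r:28} blacklist={blacklist_accepts(v)!s:5} "
              f"whitelist={whitelist_accepts(v)}")
    print(len(slipped_through(SAMPLES)), "values passed only the blacklist")
```
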