[WEB SECURITY] Re: HTTP Parameter Pollution
Martin O'Neal
martin.oneal at corsaire.com
Wed May 20 14:03:07 EDT 2009
> 2. It would be better if an RFC or similar states how to treat them.
I would disagree with this. This isn't a standard thing really; it is
perfectly valid for an application to expect zero/one/infinity
parameters; the issue only arises when the application does not handle a
mismatch between expectation and actuality...
Martin...
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
More information about the websecurity
mailing list