undefined | Better HN

0 pointsthrowawayish9y ago0 comments

- Structured data instead of always somewhat wonky text formats

- Request-reply -- Acknowledge stuff. Especially when it's security relevant

- For security relevant stuff, don't just silently fail or fall back to some idiot default. Eg. say a command message for setting a password doesn't contain the password field -- then fail the request, don't assume an empty password.

(Ie. be liberal about what you accept but not too liberal)

0 comments

1 comments · 1 top-level

tinus_hn9y ago

You shouldn't be liberal at all if security is a concern. You should be strict, use a well defined format and refuse anything that doesn't comply.

It isn't difficult to be strict so being liberal is just asking for trouble uselessly.

j / k navigate · click thread line to collapse