undefined | Better HN

0 pointsjrockway15y ago0 comments

I agree; I always design my software with as many failsafes as possible. For example, I design my applications to crash safely. But, I also try to make sure they never crash.

Similarly, web application developers need to make sure that their app is 100% safe without hacks like mod_security. But after you do that, sure, turn on mod_security. People and processes can fail, and it's good to have as many failsafes as possible.

I object to things like mod_security because, in general, people write piece of shit apps and then think they are safe because the mod has the word "security" in it. That doesn't make you safe, that makes you ignorant.

0 comments

1 comments · 1 top-level

maratd15y ago

Please keep in mind that mod_security does a lot more than sanitize input. I use it to limit and control invalid http authentications, which is not natively supported in Apache.

j / k navigate · click thread line to collapse