Course: Programming Foundations: Web Security
Deny-listing and allow-listing
- Let's talk about lists: lists that allow something and lists that deny something, and why allow-lists are the more secure choice. Santa Claus famously keeps a list of children who are naughty and nice. Nice children get presents, but naughty children get a lump of coal. Deny and allow-lists bring a similar idea to programming. Deny-lists, sometimes known as blacklists or block lists, are a reference list of items or actions which are negative and should be forbidden. It may be IP addresses that have been banned from accessing a server, it could be actions that a user's not allowed to take, or it may be types of data that a server will not accept. Allow-lists, sometimes known as whitelists or safe lists, are the opposite: instead of listing what should be forbidden, they list items or actions which should be permitted. The usernames that can access a website are a common example of an allow-list. You may think the deny-lists…
Contents
- Least privilege (3 min 33 sec)
- Simple is more secure (2 min 40 sec)
- Never trust users (3 min 7 sec)
- Expect the unexpected (2 min 10 sec)
- Defense in depth (3 min 23 sec)
- Resilience (4 min 31 sec)
- Security through obscurity (3 min 56 sec)
- Deny-listing and allow-listing (3 min 3 sec)
- Map exposure points and data passageways (3 min 34 sec)