"Marcus J. Ranum" wrote:
> The "take whole classes of problems off the table" approach
> is what engineers consider elegance of design. It's that kind
> of elegance that is mostly lacking in how we do operating
> systems and security system design, today.

There is a structured systems design book I have (I think that's the
one, anyway) that recommends input be conditioned as early in the data
flow as possible so it's done and over with, and you can not have to
worry about unconditioned data floating around in the system, being
(similarly) conditioned in multiple places (code redundancy), etc.
Similar concept.

firewall-wizards mailing list