601 points scalewithlee | 2 comments
mrgoldenbrown No.43793965
Everything old is new again :) We used to call this the Scunthorpe problem.

https://en.m.wikipedia.org/wiki/Scunthorpe_problem

kreddor No.43797167
I remember back in the old days on the Eve Online forums when the word cockpit would always turn up as "c***pit". I was quite amused by that.
1. Too No.43801362
This is actually a better solution, replacing dangerous words with placeholders, instead of blocking the whole payload. That at least gives the user some indication of what is going on. Not that I'm for any such WAF filters in the first place, just if having to choose between the lesser of two evils I'd choose the more informative.
2. Matumio No.43802798
Not so sure. Imagine you have a base64 encoded payload and it just happens to encode the forbidden word. Good luck debugging that, if the payload only gets silently modified.

I suddenly understand why it makes sense to integrity-check a payload that is already protected by all three of TLS, TCP checksum and CRC.
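
The failure mode from the comment above, as an added example that is not part of the thread: a placeholder-substituting filter rewrites a base64 body, a lenient decoder accepts the result, and a digest carried with the payload catches the change. The forbidden word `DROP`, the sample bytes, and the names `filter_rewrite`, `wrap`, `unwrap` and `lenient_decode` are constructed for illustration.

```python
import base64
import hashlib
import hmac

FORBIDDEN = "DROP"  # constructed stand-in for a word the filter rewrites
PAYLOAD = b"hdr\x0d\x13\x8fend"  # constructed bytes; base64 is "aGRyDROPZW5k"


def filter_rewrite(body: str, placeholder: str = "*") -> str:
    """Hypothetical middlebox: swap the forbidden word for placeholders."""
    return body.replace(FORBIDDEN, placeholder * len(FORBIDDEN))


def wrap(payload: bytes) -> str:
    """Sender: '<sha256 hex>:<base64>' so the digest travels with the data."""
    encoded = base64.b64encode(payload).decode("ascii")
    return hashlib.sha256(payload).hexdigest() + ":" + encoded


def unwrap(message: str) -> bytes:
    """Receiver: strict decode, then compare the digest end to end."""
    digest, _, encoded = message.partition(":")
    # validate=True rejects characters outside the base64 alphabet ('*').
    payload = base64.b64decode(encoded, validate=True)
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, digest):
        raise ValueError("payload was modified in transit")
    return payload


def lenient_decode(encoded: str) -> bytes:
    """Default b64decode skips non-alphabet characters without an error."""
    return base64.b64decode(encoded)


if __name__ == "__main__":
    encoded = base64.b64encode(PAYLOAD).decode("ascii")
    print(encoded, "->", filter_rewrite(encoded))
    print("lenient decode:", lenient_decode(filter_rewrite(encoded)))
    for placeholder in ("*", "X"):
        try:
            unwrap(filter_rewrite(wrap(PAYLOAD), placeholder))
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            print(f"placeholder {placeholder!r} rejected: {exc}")
```

A bare SHA-256 catches a middlebox that rewrites blindly; it does not stop a party that recomputes the digest, which needs a keyed MAC or a signature.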