Forum Discussion

Nimbostratus

Apr 15, 2013

Meta Characters

Hi , I have ASM 11.2.1 that starts blocking web pages due to meta character violation in the password parameters (during authentication), I allowed some meta characters for the users to be able ...

app sec

BIG-IP Access Policy Manager (APM)

security

Torti

Cirrus

Apr 23, 2013

Mike you are right. The ASM is only for an increase of security. Security starts with secure coding. If you want 100% security, disconnect from the www.

I see my way not as an opposite to your way Mike. I restrict, what I don't want, but I allow a user the input of about 30 meta characters, because the mistake of wrong characters can happen.

And a good coded application doesn't allow the user to input wrong meta character or will inform the user about his mistake. But this isn't possible, if you block everything and respond with a single blocking response page. Only if you use a script on client side.

You allways have to find the balance between usability and security.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)