Bugtraq mailing list archives

A (possibly) better way to get input integrity


From: fc () all net (Dr. Frederick B. Cohen)
Date: Sat, 25 Feb 1995 08:16:17 -0500 (EST)


Maintaining integrity of input is often facilitated by:

1 - Performing syntax checks of ALLOWABLE sequences and
        rejecting all others

2 - Associating a source to all input, a level of trust
        to the source, and treating the input from less
        trusted sources more carefully.

3 - Associating input with its purpose and treating it
        appropriately to the purpose.

[FLAME ON]

Note that the sendmail implementations have failed repeatedly because
instead of checks for ALLOWABLE sequences, they have checks for NOT
ALLOWED characters, and they allow input for one purpose to be used for
another purpose.  Since when do we have email addresses with `|;{(*&'?,
return and newline in them?  For that matter, why should we allow for
inputs with 8-bit bytes, ^D, ^Z, or other control, meta, or escape
characters?  These are not legitimate email address components and
should not be permitted for this purpose.

Note also that the reason we are asked to use post in httpd (and have
all the other problems associated therewith) is that we don't have
commonly used input filters on shell scripts.  I still use the so-called
unsafe httpd input methods, but the attacks don't seem to work because I
restrict syntax to [a-zA-Z0-9_.!@%] or some other appropriate thing
before running it through the shell scripts.

Hope this fuels the fire a bit.

[FLAME OFF]
FC
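As an added illustration that is not part of Cohen's post, the following Python compares the allowlist filter the post describes (its character class, with the a-zA-Z typo corrected) against the kind of NOT-ALLOWED denylist it criticises; the sample inputs are constructed.

```python
import re

# Allowlist from the post: only these characters may appear in a CGI field
# before it is handed to a shell script. re.fullmatch is used deliberately:
# a '$'-anchored re.match would still accept "fc@all.net\n", because '$'
# matches before a trailing newline.
ALLOWED = re.compile(r'[a-zA-Z0-9_.!@%]+')

# A denylist in the style the post criticises: reject a handful of shell
# metacharacters and assume everything else is harmless.
SHELL_META = set("|;{(*&'`$<>")

def allowlist_ok(value: str) -> bool:
    """True only if every character is explicitly permitted."""
    return ALLOWED.fullmatch(value) is not None

def denylist_ok(value: str) -> bool:
    """True if none of the listed metacharacters appear (the weak approach)."""
    return not any(ch in SHELL_META for ch in value)

# Constructed samples: legitimate address-like tokens, then the kinds of
# bytes the post says have no business in an e-mail address field.
LEGIT = ["fc@all.net", "user_1%host!bang", "a.b@c.d"]
BAD = [
    "fc@all.net\n",                # trailing newline
    "fc@all.net\r",                # carriage return
    "fc@all.net\x04",              # ^D
    "fc@all.net\x1a",              # ^Z
    "fc@all.net\x1b[0m",           # escape sequence
    "fc@all.net\xe9",              # 8-bit byte
    "fc@all.net|cat /etc/passwd",  # the one case the denylist does catch
    "",                            # empty field
]

def classify(inputs):
    """Map each input to (allowlist verdict, denylist verdict)."""
    return {s: (allowlist_ok(s), denylist_ok(s)) for s in inputs}

def denylist_misses():
    """Bad inputs the denylist accepts but the allowlist rejects."""
    return [s for s in BAD if denylist_ok(s) and not allowlist_ok(s)]

if __name__ == "__main__":
    for s, (a, d) in classify(LEGIT + BAD).items():
        print(repr(s), "allowlist:", a, "denylist:", d)
```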
