Join Kevin Skoglund for an in-depth discussion in this video Blacklisting and whitelisting, part of Foundations of Programming: Web Security.
In this movie, we'll talk about blacklisting and whitelisting. And we'll learn why whitelisting is the more secure choice. You may have heard the term blacklisting before. One of the most famous examples of this term is in the 1940s and 50s, many Hollywood screenwriters, actors, directors, and musicians were forbidden from working, because of their suspected support for the American Communist Party. They were said to be blacklisted, there wasn't any formal list, but anyone on the widely known informal list wasn't given any work. They'd been placed on the no access list.
We have the same concept of blacklisting for security too, if we list users banned from our site or list the actions that a user can't take or list types of data that are not allowed. Then we have created a blacklist. It's reference list for what is forbidden. Whitelisting is the opposite of blacklisting. Instead of listing what is forbidden, we list what is permitted. We list the users who can access our site We list the actions that users can take. We list the types of data that are allowed. Now you might just think that it's just a matter of preference, whether you're choosing all except the ones on this list or whether you're choosing only the ones that are on a list.
But even though they're opposites they're not equal. Let me show you what I mean. Let's imagine that we have three items, A, B, and C. And let's imagine that only B should be accessible. In a fictitious programming language I might write blacklist A and C or I could type whitelist B; both of these would have the same effect. A and C would not be available, B would be available, but what if I add D to the set of items? And D should not be accessible.
In the blacklist approach, it's accessible by default. I must remember to add it to my blacklist. In the whitelist approach it is inaccessible by default. I don't have to do anything extra. D is going to be inaccessible because I've only whitelisted B. Restricted by default is a more secure approach. Let me give you a more real world example. Imagine that we want to allow users to submit text to our website via a web form, and we will allow them to use some HTML tags, but not others.
If we take a blacklist approach, then we have to list every single HTML tag that they can't use. And we have to hope that we don't miss one. Or that a new tag isn't added to the HTML spec later, which happens regularly. And if we do miss one, we may never know. If we take a white list approach, then we list only the tags that user can use. If we miss one, it's no big deal from a security standpoint. It's going to be off by default. It might affect our users, but they'll let us know there's a missing feature or a bug, and then we'll come in and we'll fix it.
The choice to use whitelisting or blacklisting comes up in many different security areas, not just in filtering HTML input. Learn to recognize it as a pattern when you see it, so that you can make a smart choice about which one to use. Blacklisting isn't wrong, it does have some legitimate uses. But whitelisting means restricted by default and that's a more secure approach.
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments