Tuesday, April 19, 2011

All Input Is Evil!

If someone you didn't know came to your door and offered you something to eat, would you eat it? No, of course you wouldn't.

1. All input is evil until proven otherwise.

2. Data must be validated as it crosses the boundary between untrusted and trusted environments.

(Howard & LeBlanc, Writing Secure Code, 2/e)

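Investing is similar: we should treat anything suspicious as false. Rumors must be carefully verified; we get deceived precisely because we lack a precise understanding of the rumors we hear. The senses can deceive us in many situations. Do not invest arbitrarily on a momentary impulse; investment opportunities come from waiting.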



A Strategy for Defending Against Input Attacks

Check Validity: Deny all access until you determine the request is valid.
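One way to express rule 2 and "Check Validity" in code, as an added example that is not from the original post or from the book: a request is rejected unless every field passes an explicit allowlist check. The field names, limits and the `validate`/`is_allowed` helpers are hypothetical.

```python
import re
from dataclasses import dataclass

# Allowlist: every accepted field has an explicit rule. Field names and
# limits are hypothetical, chosen for this example.
_USERNAME = re.compile(r"[a-z][a-z0-9_]{2,15}")
_ALLOWED_ACTIONS = frozenset({"view", "download"})
_FIELDS = frozenset({"username", "action", "page"})


class Rejected(Exception):
    """Raised for any request that is not proven valid."""


@dataclass(frozen=True)
class ValidRequest:
    """Only this type is handed to trusted code."""
    username: str
    action: str
    page: int


def validate(raw):
    """Deny by default: return ValidRequest only if every check passes."""
    if not isinstance(raw, dict) or set(raw) != _FIELDS:
        raise Rejected("missing or unexpected fields")
    username, action, page = raw["username"], raw["action"], raw["page"]
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    if not isinstance(username, str) or not _USERNAME.fullmatch(username):
        raise Rejected("username")
    if not isinstance(action, str) or action not in _ALLOWED_ACTIONS:
        raise Rejected("action")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(page, bool) or not isinstance(page, int) or not 1 <= page <= 1000:
        raise Rejected("page")
    return ValidRequest(username, action, page)


def is_allowed(raw):
    """Boundary helper: True only for requests proven valid."""
    try:
        validate(raw)
        return True
    except Rejected:
        return False
```

Trusted code should accept only `ValidRequest`, never the raw dictionary, so nothing can reach it without having crossed the boundary check.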

As for investing, I trust the Market Observation Post System (公開資訊觀測站).
