What are blacklisting and whitelisting?
Blacklisting and whitelisting are opposites, but not exact opposites. Choosing between them is not just a matter of programming style: it has important implications, because each one handles future cases differently.
Example: Imagine that we have a set of options: A, B, C, D, E, F. We want to allow A, B, and C, but disallow D, E, and F. There are two ways to do this:
Blacklist items D, E, and F.
Whitelist items A, B, and C.
Both would have the same result.
At a later date, unknown to us, a new item Z becomes a possible value, and Z is a dangerous security threat. In the first version, Z is not blacklisted, so it would be allowed by default. In the second version, Z is not whitelisted, so it would be disallowed by default.
Whitelisting, or "secure by default", is the more secure approach.
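The A to F and Z example above, as an added sketch that is not part of the original page: it models both lists and reports which items each one lets through without anyone having reviewed them. The names Policy, unreviewed_allowed and compare are hypothetical, and the sample data is constructed from the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Explicitly listed items plus the implied decision for everything else."""
    name: str
    listed: frozenset
    listed_allowed: bool  # True: the list is a whitelist; False: a blacklist

    def allows(self, item):
        # Listed items get the list's decision; unlisted items get the opposite.
        if item in self.listed:
            return self.listed_allowed
        return not self.listed_allowed


def unreviewed_allowed(policy, universe, reviewed):
    """Items the policy lets through although no decision was ever made on them."""
    return sorted(i for i in universe if i not in reviewed and policy.allows(i))


# Constructed sample data taken from the example above.
REVIEWED = frozenset("ABCDEF")  # items known when the lists were written
BLACKLIST = Policy("blacklist", frozenset("DEF"), listed_allowed=False)
WHITELIST = Policy("whitelist", frozenset("ABC"), listed_allowed=True)


def compare(universe):
    """Return, per policy, what is allowed and what is allowed without review."""
    return {
        p.name: {
            "allowed": sorted(i for i in universe if p.allows(i)),
            "unreviewed_allowed": unreviewed_allowed(p, universe, REVIEWED),
        }
        for p in (BLACKLIST, WHITELIST)
    }


if __name__ == "__main__":
    # Same result today; the two lists diverge only once Z becomes possible.
    for label, universe in (("today", "ABCDEF"), ("after Z appears", "ABCDEFZ")):
        print(label, compare(universe))
```

Running the same comparison against the real set of possible values whenever that set changes shows what a blacklist has started allowing by default.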