A whitelist is a list of items that are granted access to a certain system or protocol. When a whitelist is used, all entities are denied access, except those included in the whitelist. The opposite of a whitelist is a blacklist, which allows access from all items, except those included the list.
The following are examples of different whitelist applications:
- A network administrator may configure a firewall with a whitelist that only allows specific IP addresses to access the network.
- A protected directory within a website may use a whitelist to limit access to certain IP addresses.
- Some e-mail systems can be configured to only accept messages from e-mail addresses that have added to a user's whitelist.
- Programmers can use whitelists within programs to ensure only certain objects are modified.
Whitelists are a good option when only a limited number of entities need to be granted access. Because all items not included in a whitelist are denied access, whitelists are considered more secure than blacklists. However, if only a few entities need to be denied access, a blacklist is more practical.