October 01, 2003
URL Canonicalization Testing
Handling Illegal Filenames

While not strictly a URL canonicalization issue, another area most applications fail to handle correctly is illegal filenames. On Windows, most file-handling APIs accept COM1 and the other system-reserved device names anywhere an ordinary filename would go and silently open the device instead of a file. This is nifty when you need it but is a tailor-made security hole when you don't: since there is no data on that port to read, the API you call will patiently wait for some to appear, which means your app is now effectively hung. Rather than remembering all 23 reserved names, use CommonTestCases.IllegalFilenameTestCases. Not only do you get a list of the reserved names, you also get several of their variants: leading and trailing spaces, and upper, lower, and mixed case. Going through these cases is not enough, however: you also need to append ".ext" and ".ext.ext" (replacing "ext" with whatever extension is appropriate for your application), as all of these variants are illegal as well, because Windows matches the reserved name against the part of the filename before the first dot.
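To make the variant rules above concrete, here is an added Python example (my own code, not the CommonTestCases library the post refers to): a generator that builds the same kind of test-case list, plus a conservative check that rejects any filename that would resolve to a reserved device before it reaches a file API. The 23-name list it assumes is the classic CON, PRN, AUX, NUL, CLOCK$, COM1 to COM9 and LPT1 to LPT9, since the post does not enumerate them; the function names are my own.

```python
"""Generate Windows reserved-name test cases and check candidate filenames."""

# Assumed set of the 23 classic Windows reserved device names (the post
# gives the count but not the list): CON, PRN, AUX, NUL, CLOCK$,
# COM1-COM9 and LPT1-LPT9.
RESERVED_NAMES = (
    ["CON", "PRN", "AUX", "NUL", "CLOCK$"]
    + [f"COM{i}" for i in range(1, 10)]
    + [f"LPT{i}" for i in range(1, 10)]
)
RESERVED_SET = frozenset(RESERVED_NAMES)


def case_variants(name):
    """Upper, lower and alternating mixed-case spellings of a name (deduplicated)."""
    mixed = "".join(c.upper() if i % 2 == 0 else c.lower() for i, c in enumerate(name))
    return list(dict.fromkeys([name.upper(), name.lower(), mixed]))


def illegal_filename_test_cases(ext="ext"):
    """Reserved names x case variants x space padding x extension suffixes.

    Mirrors the variants the post describes: leading/trailing spaces, three
    case spellings, and the bare name plus ".ext" and ".ext.ext".
    """
    cases = []
    for base in RESERVED_NAMES:
        for spelling in case_variants(base):
            for padded in (spelling, " " + spelling, spelling + " "):
                for suffix in ("", f".{ext}", f".{ext}.{ext}"):
                    cases.append(padded + suffix)
    return list(dict.fromkeys(cases))


def is_reserved_filename(path):
    """True if the last path element would resolve to a reserved device name.

    Windows compares the portion of the name before the first dot, ignoring
    case and surrounding spaces, so COM1.txt and COM1.txt.bak both hit COM1.
    Leading spaces are stripped too, so this check is deliberately
    conservative.
    """
    leaf = path.replace("\\", "/").rsplit("/", 1)[-1]
    stem = leaf.strip(" .").split(".", 1)[0].strip(" ")
    return stem.upper() in RESERVED_SET


def validate_filename(path):
    """Reject reserved names before handing the path to a file API."""
    if is_reserved_filename(path):
        raise ValueError(f"reserved device name in filename: {path!r}")
    return path


if __name__ == "__main__":
    cases = illegal_filename_test_cases("txt")
    print(len(cases), "test cases, e.g.", cases[:6])
    for candidate in ("report.txt", "COM1.txt", r"C:\logs\aux.log", "COM10"):
        print(f"{candidate!r:22} reserved={is_reserved_filename(candidate)}")
```

Feed the generated list to every code path that opens a file under a user-supplied name; an open call that never returns is exactly the hang the post describes. The checker strips trailing dots and spaces before comparing, because Windows does the same when it resolves a name, and it treats a full path the same as a bare name since the device name is only ever looked for in the last path element.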
M.J.H.