I believe that all [*] of the problems David Wheeler mentions could be solved if ALL characters in filenames were "escaped" - e.g. by placing them into some unused prefix space of your character encoding - when being processed. ALL of the characters, not just special characters.  Characters that already have such a prefix applied get two prefixes applied, etc.
Ditto for any script injection or SQL injection attacks.
Note: * I usually attempt false modesty, and say things like "all or almost all".   But this obscures the point.  ALL can be.
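A small model of the escape-everything idea above, as an added example that is not code from this blog or from Wheeler's article. The `(depth, char)` cell representation, the toy word splitter and the sample filename are assumptions made for illustration; a real system would carry the prefix inside the character encoding itself.

```python
# Added illustration. A "cell" is (number of escape prefixes, base character);
# this stands in for an unused prefix space of the character encoding.
from typing import List, Tuple

Cell = Tuple[int, str]

def lift(raw: str) -> List[Cell]:
    """Text as written by the programmer: every character is live (depth 0)."""
    return [(0, ch) for ch in raw]

def escape(cells: List[Cell]) -> List[Cell]:
    """Add one prefix to EVERY character, including already-prefixed ones."""
    return [(depth + 1, ch) for depth, ch in cells]

def unescape(cells: List[Cell]) -> List[Cell]:
    """Remove one prefix; refuse data that contains a live character."""
    if any(depth == 0 for depth, _ in cells):
        raise ValueError("live character found inside escaped data")
    return [(depth - 1, ch) for depth, ch in cells]

def lower(cells: List[Cell]) -> str:
    """Back to a plain string; only valid once no prefixes remain."""
    if any(depth for depth, _ in cells):
        raise ValueError("data is still escaped")
    return "".join(ch for _, ch in cells)

def split_words(cells: List[Cell]) -> List[List[Cell]]:
    """Toy word splitter: only depth-0 whitespace separates words."""
    words, current = [], []
    for cell in cells:
        if cell[0] == 0 and cell[1].isspace():
            if current:
                words.append(current)
            current = []
        else:
            current.append(cell)
    if current:
        words.append(current)
    return words

def is_option(word: List[Cell]) -> bool:
    """Only a live (depth-0) leading dash marks a command-line option."""
    return bool(word) and word[0] == (0, "-")

def build_command(template: str, filename: str) -> List[List[Cell]]:
    """Join a live template with a fully escaped filename, then parse it."""
    return split_words(lift(template) + escape(lift(filename)))

# Constructed sample: leading dash, space and newline in one filename.
SAMPLE = "-rf notes\n2024.txt"
```

With `SAMPLE`, `build_command("ls ", SAMPLE)` yields two words and the second is not an option, whereas splitting the unescaped concatenation yields four words with `-rf` parsed as an option.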
Fixing Unix/Linux/POSIX Filenames: Control Characters (such as Newline), Leading Dashes, and Other Problems: "Interesting alternative: Auto-convert spaces to unbreakable spaces"
Disclaimer
The content of this blog is my personal opinion only. Although I am an employee - currently of Nvidia, in the past of other companies such as Imagination Technologies, MIPS, Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.
See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.
