From: Teresa Raymond <[EMAIL PROTECTED]>

> Ok, and where are the recommended characters to disallow?  I have
> tested and I know which characters are going through but I would like
> to make sure I've included most of the recommended list.

Oh my God. Did you read what I wrote or just scanned over quickly 
for something that would look like a list of "dangerous" characters?

Once again, now in short sentences.

1) There is NO single list of dangerous characters. What 
characters are dangerous depends on the action you do with the 
data.

2) If you or someone else creates a list of suspicious characters 
and tests whether the data contain any of them, you are NOT safe. 
It's for sure you'll forget some character, it's for sure there is 
something you've never heard of that can go wrong.

3) Always test whether the data DO CONTAIN ONLY ALLOWED 
characters. And allow only the characters you must.

Jenda

> >From: Teresa Raymond <[EMAIL PROTECTED]>
> >
> >>  Where in the Camel or other resource is the list of characters
> >>  that we don't want people to type in.  I'm still collecting all
> >>  the resources I lost from my logic board dying.  Thanks in
> >>  advance.
> >
> >When testing data you should ALWAYS test whether the string
> >contains only the allowed characters or is in the allowed format,
> >never whether it contains some forbidden characters or contains
> >something that you do not like.
> >
> >You may forget something that happens to be special in your case and
> >you would open a security hole while thinking you are safe.
> >
> >While in the life I prefer "what is not forbidden, is allowed",
> >in programming it should be the opposite.
> >
> >Jenda
> >
> >=========== [EMAIL PROTECTED] == http://Jenda.Krynicky.cz ==========
> >There is a reason for living. There must be. I've seen it somewhere.
> >It's just that in the mess on my table ... and in my brain I can't
> >find it.                                     --- me
> >
> >--
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> --
> -------------------------------
> -  Teresa Raymond             -
> -  Mariposa Net               -
> -  http://www.mariposanet.com -
> -------------------------------



== [EMAIL PROTECTED] == http://Jenda.Krynicky.cz ==
: What do people think?
What, do people think?  :-)
             -- Larry Wall in <[EMAIL PROTECTED]>
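
Points 1 and 3 of the reply above, as an added Perl example that is not part of the original thread: each value is checked against a pattern describing the only form it may take for one specific use, next to a forbidden-character check of the kind the reply warns against. The field names, patterns, and sample inputs are assumptions constructed for this illustration.

```perl
use strict;
use warnings;

# One allowlist pattern per USE of the data: what is safe depends on what
# you do with the value. Names and patterns are assumptions for this example.
my %allowed = (
    filename  => qr/\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/,  # file in a fixed directory
    record_id => qr/\A[0-9]{1,9}\z/,                        # numeric key
    username  => qr/\A[A-Za-z][A-Za-z0-9_]{2,31}\z/,        # login name
);

# Returns the value if it consists ONLY of allowed characters in the
# allowed format for its kind, otherwise undef.
sub validate {
    my ($kind, $value) = @_;
    my $re = $allowed{$kind} or die "no rule for '$kind'\n";
    return undef unless defined $value;
    return $value =~ $re ? $value : undef;
}

# The approach the reply warns against: look for a few "dangerous" characters.
sub denylist_ok {
    my ($value) = @_;
    return $value !~ /[;|&<>`]/;
}

# Constructed sample inputs.
my @samples = (
    [ filename  => 'report-2001.txt' ],
    [ filename  => "report.txt\n" ],      # \z rejects the trailing newline; $ would not
    [ filename  => '../etc/passwd' ],     # nothing here is on the denylist
    [ filename  => "notes.txt\0.cgi" ],   # NUL byte, also missing from the denylist
    [ record_id => '42' ],
    [ record_id => '42 OR 1=1' ],
    [ username  => 'alice_01' ],
);

for my $s (@samples) {
    my ($kind, $value) = @$s;
    # Show non-printable bytes as \xNN so the report stays readable.
    (my $shown = $value) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord($1))/ge;
    printf "%-9s %-22s allowlist=%-6s denylist=%s\n", $kind, "'$shown'",
        (defined(validate($kind, $value)) ? 'accept' : 'reject'),
        (denylist_ok($value)              ? 'accept' : 'reject');
}
```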
