> >While testing IIS security, I was able to locate an old flaw which is
> >still present in many server services on Win32. The problem deals
> >with a compatibility issue with the old Win16/DOS file naming system
> >known as the 8.3 naming system.
>
> One well-known workaround for this issue that will take care of this
> problem, regardless of the server software, is to disable 8.3 filenames.
Does this break the GetShortPathName function? This converts
long file names in the 8.3 equivalent.
The catch is that Microsoft recommend using the 8.3 name when
registering COM servers (due to a bug in CreateProcess when there
is a space in the server's directory path or file name). So you may
not be able to register any COM servers on this partition (which may
not be a bad thing... :-)
Kenn
