Hi,

>> Isn't this a security problem?
> Not for my use case, where the db is created by a local user within his home
> directory :-)

You need to make sure things like "./../../test" are not allowed. But you also need to filter backslash, and possibly other characters, especially escape sequences (search Google for "Double Decode File System Traversal"). I think it's more secure to whitelist known good characters (a-z, A-Z, _, 0-9) than to blacklist known bad ones, as you can't be completely sure which are the bad ones.

Regards,
Thomas

--
You received this message because you are subscribed to the Google Groups "H2 Database" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/h2-database?hl=en.
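
The whitelist check recommended in the message above, next to a blacklist for contrast, as an added example that is not part of the original thread or of H2's code. The class and method names, the 64-character cap, the `.db` suffix and the `data` base directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

public class DbNameCheck {
    // Whitelist from the message: a-z, A-Z, _, 0-9. The length cap is an assumption.
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9_]{1,64}");

    // Blacklist, shown only for contrast: rejects the literal sequences it knows about.
    static boolean blacklistAccepts(String name) {
        return !name.contains("..") && !name.contains("/") && !name.contains("\\");
    }

    // Whitelist: the whole name must consist of known good characters.
    static boolean whitelistAccepts(String name) {
        return name != null && SAFE.matcher(name).matches();
    }

    // Resolve an accepted name under baseDir and confirm the result stays inside it.
    static Path resolve(Path baseDir, String name) throws IOException {
        if (!whitelistAccepts(name)) {
            throw new IllegalArgumentException("invalid database name");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(name + ".db").normalize(); // hypothetical suffix
        if (!target.startsWith(base)) {
            throw new IOException("path escapes base directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: plain name, the path from the message,
        // a backslash variant, a double-encoded variant, and an embedded NUL.
        String[] samples = {"test", "./../../test", "..\\..\\test",
                            "%252e%252e%252ftest", "test\0"};
        for (String s : samples) {
            System.out.printf("%-24s blacklist=%-5b whitelist=%b%n",
                    s.replace("\0", "\\0"), blacklistAccepts(s), whitelistAccepts(s));
        }
        System.out.println(resolve(Paths.get("data"), "test"));
    }
}
```

The double-encoded and NUL-terminated samples pass the blacklist because it only matches literal sequences, while the whitelist rejects both without needing to know about either encoding.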
