On Tue, 29 Sep 2020 16:59:34 -0700, Charles Mills wrote: >Applications should not "validate" filenames before attempting to open or >create a file. Present the name to the file system API and report any error >back to the user. Application filename validation is what leads to these >inconsistencies. > I'll emphasize that. Applications and UIs should not modify filenames -- add blanks; remove blanks; change case, etc. A related problem arose a while ago when the requirement (possibly delusional) for mixed-case passwords appeared. Many applications which though they were doing a users a favor by converting passwords to upper case had to be modified. The operation should always have been left to the security product.
-- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
