On 7/6/06, ik <[EMAIL PROTECTED]> wrote:
> That's how security vulnerabilities start... When you do not have at
> least a default way of handling stuff, and you just throw it all back
> at the user ...
>
> If you can't handle the file format, you can report it, but if you
> don't have some type of balance, then something bad can happen (like I
> will create on purpose a malformed CSV, and exploit the way you failed
> to parse it).

Ummm... my CSV Parser does have a default behaviour for malformed CSV.
It raises a Malformed CSV Exception with a description of where and
what caused the issue and then stops processing the file.  Now
whatever program/class uses the CSV Parser can do with that exception
what they please - mine notifies the user.  I am failing to see how
this can be a security risk?

Regards,
 - Graeme -
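
An added example, not Graeme's parser or any code from this thread: a small strict CSV parser, written in Python for brevity, that shows the behaviour described in the reply above. It stops at the first malformed construct, reports where and why, and returns no partial rows. The names `MalformedCSVError` and `parse_csv_strict` are hypothetical, and LF line endings are assumed.

```python
class MalformedCSVError(Exception):
    """Carries where parsing stopped and why, so the caller decides what to do."""
    def __init__(self, line, column, reason):
        super().__init__(f"line {line}, column {column}: {reason}")
        self.line, self.column, self.reason = line, column, reason

def parse_csv_strict(text, delimiter=","):
    """Return every row, or raise MalformedCSVError. Never returns partial data."""
    rows, row, field = [], [], []
    in_quotes = was_quoted = False
    line, col, opened_at = 1, 0, None

    def end_row():
        row.append("".join(field))
        if rows and len(row) != len(rows[0]):   # first row fixes the width
            raise MalformedCSVError(line, col, f"expected {len(rows[0])} fields, got {len(row)}")
        rows.append(list(row))
        row.clear()

    i = 0
    while i < len(text):
        ch, col = text[i], col + 1
        if in_quotes:
            if ch != '"':
                field.append(ch)
                if ch == "\n":                  # newline inside a quoted field
                    line, col = line + 1, 0
            elif text[i + 1:i + 2] == '"':      # "" is an escaped quote
                field.append('"')
                i, col = i + 1, col + 1
            else:
                in_quotes = False
        elif ch == '"':
            if field:
                raise MalformedCSVError(line, col, "quote inside unquoted field")
            in_quotes, was_quoted, opened_at = True, True, (line, col)
        elif ch == delimiter or ch == "\n":
            if ch == delimiter:
                row.append("".join(field))
            else:
                end_row()
                line, col = line + 1, 0
            field.clear()
            was_quoted = False
        elif was_quoted:
            raise MalformedCSVError(line, col, "data after closing quote")
        else:
            field.append(ch)
        i += 1
    if in_quotes:                               # report where the quote was opened
        raise MalformedCSVError(*opened_at, "unterminated quoted field")
    if field or row or was_quoted:              # last row without trailing newline
        end_row()
    return rows
```

Because the function either returns the whole table or raises, a caller cannot act on a half-parsed file by accident; what to do with the error (notify the user, log it, reject the upload) stays with the caller.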
