On 7/6/06, Graeme Geldenhuys <[EMAIL PROTECTED]> wrote:
> On 7/6/06, ik <[EMAIL PROTECTED]> wrote:
> > That's how security vulnerabilities start... When you do not have at
> > least a default way of handling stuff, and you just throw it all back
> > at the user ...
> >
> > If you can't handle the file format, you can report it, but if you
> > don't have some type of balance, then something bad can happen (like I
> > will create on purpose a malformed CSV, and exploit the way you failed
> > to parse it).
>
> Ummm... my CSV Parser does have a default behaviour for malformed CSV.
> It raises a Malformed CSV Exception with a description of where and
> what caused the issue and then stops processing the file. Now
> whatever program/class uses the CSV Parser can do with that exception
> what they please - mine notifies the user. I am failing to see how
> this can be a security risk?

Then I didn't understand it correctly, my bad, sorry.

> Regards,
> - Graeme -

Ido
archives at http://www.lazarus.freepascal.org/mailarchives
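
The behaviour described in the thread above (raise a malformed-CSV exception that says where and what, then stop processing) sketched in Python as an added example; it is not Graeme's parser or any code from the list. The names `MalformedCSVError` and `parse_csv_strict`, the RFC 4180-style quoting rules, the equal-field-count check and `\n` line endings are assumptions.

```python
class MalformedCSVError(ValueError):
    """Raised at the first malformed construct; carries where and what."""
    def __init__(self, reason, line, col):
        super().__init__(f"line {line}, column {col}: {reason}")
        self.reason, self.line, self.col = reason, line, col

def parse_csv_strict(text):
    """Return every row, or raise MalformedCSVError and return no rows at all."""
    rows, row, field = [], [], []
    line, col, state = 1, 0, "start"   # states: start, bare, quoted, after_quote
    opened = (1, 0)                    # position of the last opening quote

    def end_row():
        row.append("".join(field))
        if rows and len(row) != len(rows[0]):
            raise MalformedCSVError(
                f"expected {len(rows[0])} fields, got {len(row)}", line, col)
        rows.append(list(row))
        row.clear(); field.clear()

    for ch in text:
        col += 1
        if state == "quoted":
            if ch == '"':
                state = "after_quote"      # closing quote, or first half of ""
            else:
                field.append(ch)
                if ch == "\n":             # a newline inside quotes is data
                    line, col = line + 1, 0
        elif state == "after_quote" and ch == '"':
            field.append('"'); state = "quoted"
        elif ch == ",":
            row.append("".join(field)); field.clear(); state = "start"
        elif ch == "\n":
            end_row(); line, col, state = line + 1, 0, "start"
        elif state == "after_quote":
            raise MalformedCSVError("data after closing quote", line, col)
        elif ch == '"':
            if state == "bare":
                raise MalformedCSVError("quote inside unquoted field", line, col)
            state, opened = "quoted", (line, col)
        else:
            field.append(ch); state = "bare"
    if state == "quoted":                  # report where the quote was opened
        raise MalformedCSVError("unterminated quoted field", *opened)
    if row or state != "start":            # last row had no trailing newline
        end_row()
    return rows

# Constructed sample input, not taken from the thread.
GOOD = 'name,note\nalice,"said ""hi"", left"\n'
BAD = 'name,note\nbob,ok\ncarol,"unclosed\n'
```

Because the function either returns the complete list or raises, a caller never acts on a partially parsed file; what it does with the exception (notify the user, log, reject the upload) is left to the caller.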