WebApp Sec mailing list archives
RE: How to handle "special characters"
From: riptide () idle curiosity org
Date: Thu, 11 Dec 2003 14:31:47 -0600 (CST)
There truthfully isn't a clear guideline, and killer hacks are found daily. Your application should filter out any control, escape characters. Look for anything with a suspicious pattern, i.e. (../..). Stick within the ASCII range with numbers and letters.

Good luck.

On Thu, 11 Dec 2003, sparkes wrote:
On Wed, 2003-12-10 at 16:55, Tony Langley wrote:
<snip>
1) Which chars are always safe (if there are any).
there aren't
2) Which chars are always dangerous.
those entered by the user
3) Those which are sometimes one or the other.
everything else

sorry to be pessimistic but this is the only truth you need to know to stay safe

sparkes
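
The filtering rule described in the reply above (reject control and escape characters, flag patterns such as ../.., keep only ASCII letters and digits), as an added example that is not part of the original thread. The function names, MAX_LEN and the sample inputs are assumptions made for illustration.

```python
import re
import unicodedata

# Allowlist from the reply: ASCII letters and digits only.
ALLOWED = re.compile(r"[A-Za-z0-9]+")
MAX_LEN = 64  # assumed length limit, not stated in the thread


def reject_reasons(value):
    """Return the reasons `value` is rejected; an empty list means accept.

    The allowlist alone decides acceptance. The named reasons exist so a
    rejected request can be logged with something more useful than "bad input".
    """
    reasons = []
    if not value:
        reasons.append("empty")
    if len(value) > MAX_LEN:
        reasons.append("too long")
    # Unicode category Cc covers NUL, newline, ESC (0x1b) and other controls.
    if any(unicodedata.category(ch) == "Cc" for ch in value):
        reasons.append("control character")
    if any(ord(ch) > 127 for ch in value):
        reasons.append("non-ASCII")
    if "../" in value or "..\\" in value:
        reasons.append("path traversal pattern")
    # fullmatch, not match with '$': '$' also matches before a trailing
    # newline, so "abc\n" would slip through an anchored match().
    if value and not reasons and not ALLOWED.fullmatch(value):
        reasons.append("character outside [A-Za-z0-9]")
    return reasons


def is_acceptable(value):
    return not reject_reasons(value)


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["report2003", "../../etc/passwd", "abc\n", "caf\u00e9",
               "a;b", "name\x1b[31m", ""]
    for s in samples:
        print(repr(s), "->", reject_reasons(s) or "accepted")
```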