Re: Canonicalization

[Peter Conrad <conrad () tivano de>]

Hi,

On Thu, Apr 20, 2006 at 10:22:18PM -0400, Rossen Raykov wrote:
> Is that ?simplest form? achievable? One can perform many and different 
> encodings making the task of decoding them very difficult and resource 
> consuming. Usually it is cheaper and safeties to do semantic checkup and 
> treat the input as erroneous if it does not confirm to the expected 
> input format.

you're comparing apples with oranges here. You must perform canonicalization
*before* you can match the input against the expected format.

> For example if you are expecting number anything different than a number 
> is error.

Here are some different representations of the same number:

11
+11
11.0
11.00
011

All of these should pass as numbers. But if you want to check if the
number is in a specific range, you must canonicalize it first. E. g.
some programming languages treat numbers with leading 0 as octal numbers,
which means that "011" is actually 9, not 11. Canonicalization prevents
that kind of confusion.

Bye,
        Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg

Germany

-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------