[fpc-pascal] Function for checking correct file name
Jorge Aldo G. de F. Junior
jagfj80 at gmail.com
Mon Sep 17 02:18:06 CEST 2012
Like i said earlier, i dont know why he needs to check the filename.
Let me explain :
There are two situations you are describing here :
1 - When the user invokes an application that executes a task on user
behalf, using data suplied by the same user.
This first situation is correctly treated by the underlying OS,
because it IS on the OS realm to determine who can access what. (It is
part of the OS security model).
The problem is, if your application is running using the security
permissions of the invoking user, then you dont need to "check correct
file name", all you can end up needing to do is to check if some file
exists (fileexists()) or if the passed filename is indeed a correct
file name (wich can be determined by simply trying to execute the task
and checking for errors). In that case theres no need to validate
filenames, the user should know better.
2 - When the application is running on behalf of one user but using
data supplied by another user. Thats where the security problem
happens. In that case the underlying OS security model, usually, have
a problem, and thats, usually, why you need to validate filenames.
This happens on FTP servers, HTTP servers and in a lot of other cases.
This is similar to SQL injection and a lot of other cases of security
flaws. The morale is that you should take with a grain of salt
everything comming from the user.
If he is validating a filename because of that case, then, a
half-baked 10 line function wont cut. THIS IS A SECURITY RISK.
You need a full fledged parser and macro expander.
Thats why i believe such a function should be added to freepascal RTL.
A good windows programmer wont know all the caveats of (for one)
MacOSX or other platforms.
Oh and thanks for calling me idiotic. IIS developers would think the
same about my caution.
2012/9/16 Jürgen Hestermann <juergen.hestermann at gmx.de>:
> Am 2012-09-15 23:48, schrieb Jorge Aldo G. de F. Junior:
>> This is a security risk, because, if the function isnt almost perfect,
>> someone could end up reading the passwords file (security.sam on
>> windows ? whatever im not a windows programmer) or rewriting criticial
>> files on a system.
> You mean all programmers in the world need to know all OS security leaks and
> have to program workarounds for these security leaks?
> That's completely idiotic because if security is based on this there is no
> security at all.
> fpc-pascal maillist - fpc-pascal at lists.freepascal.org
More information about the fpc-pascal