WebApp Sec: Re: Canonicalization

Re: Canonicalization

From: Peter Conrad <conrad_at_tivano.de>
Date: Fri, 21 Apr 2006 09:19:04 +0200

Hi,

On Thu, Apr 20, 2006 at 10:22:18PM -0400, Rossen Raykov wrote:
>
> Is that "simplest form" achievable? One can perform many and different
> encodings making the task of decoding them very difficult and resource
> consuming. Usually it is cheaper and safer to do semantic checkup and
> treat the input as erroneous if it does not conform to the expected
> input format.

you're comparing apples with oranges here. You must perform canonicalization
*before* you can match the input against the expected format.

> For example if you are expecting number anything different than a number
> is error.

Here are some different representations of the same number:

11
+11
11.0
11.00
011

All of these should pass as numbers. But if you want to check if the
number is in a specific range, you must canonicalize it first. E. g.
some programming languages treat numbers with leading 0 as octal numbers,
which means that "011" is actually 9, not 11. Canonicalization prevents
that kind of confusion.

Bye,
        Peter

-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg
Germany
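The point of the message above, as an added example that is not part of the original mail: a Python canonicalizer that reduces each of the five spellings to one Decimal value before the range check is applied, beside a constructed stand-in (hypothetical, modeled on C's strtol with base 0) for a base-guessing parser that reads "011" as the octal value 9.

```python
import re
from decimal import Decimal, InvalidOperation

# Grammar of the numbers we are willing to accept: optional sign, digits,
# optional fraction. Anything else is rejected before any parsing happens.
NUMBER_RE = re.compile(r"[+-]?\d+(?:\.\d+)?")

def canonicalize_number(raw: str) -> Decimal:
    """Map every accepted spelling of a number to one Decimal value.

    Decimal() always reads the string as base 10, so "011" becomes 11,
    never the octal 9 that a base-guessing parser would produce.
    """
    s = raw.strip()
    if not NUMBER_RE.fullmatch(s):
        raise ValueError(f"not a number in the expected format: {raw!r}")
    try:
        return Decimal(s)
    except InvalidOperation as exc:  # unreachable given the regex; kept as a second guard
        raise ValueError(f"unparseable number: {raw!r}") from exc

def canonical_form(raw: str) -> str:
    """Canonical string: no sign on positives, no leading zeros, no trailing .00."""
    return format(canonicalize_number(raw).normalize(), "f")

def in_range(raw: str, lo: int, hi: int) -> bool:
    """Range check done on the canonical value, never on the raw text."""
    value = canonicalize_number(raw)
    return lo <= value <= hi

def base_guessing_parse(s: str) -> int:
    """Constructed stand-in for a C-style strtol(s, NULL, 0):
    a leading 0 selects octal, 0x selects hex, anything else is decimal."""
    if s.lower().startswith("0x"):
        return int(s, 16)
    if len(s) > 1 and s.startswith("0"):
        return int(s, 8)
    return int(s, 10)

if __name__ == "__main__":
    for spelling in ("11", "+11", "11.0", "11.00", "011"):
        print(f"{spelling!r:8} -> {canonical_form(spelling):3} "
              f"in [10, 20]: {in_range(spelling, 10, 20)}")
    # The confusion the mail warns about: same bytes, different number.
    print("base-guessing parser reads '011' as", base_guessing_parse("011"))
```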
Received on Apr 21 2006