Hi,
On Thu, Apr 20, 2006 at 10:22:18PM -0400, Rossen Raykov wrote:
Is that ?simplest form? achievable? One can perform many and different
encodings making the task of decoding them very difficult and resource
consuming. Usually it is cheaper and safeties to do semantic checkup and
treat the input as erroneous if it does not confirm to the expected
input format.
you're comparing apples with oranges here. You must perform canonicalization
*before* you can match the input against the expected format.
For example if you are expecting number anything different than a number
is error.
Here are some different representations of the same number:
11
+11
11.0
11.00
011
All of these should pass as numbers. But if you want to check if the
number is in a specific range, you must canonicalize it first. E. g.
some programming languages treat numbers with leading 0 as octal numbers,
which means that "011" is actually 9, not 11. Canonicalization prevents
that kind of confusion.
Bye,
Peter
--
Peter Conrad Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH Fax: +49 6102 / 80 99 071
Bahnhofstr. 18 http://www.tivano.de/
63263 Neu-Isenburg
Germany
-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
