From: dharmeshmm@mastek.com
Date: Thu Nov 03 2005 - 04:22:58 EST
Different forms of input that resolve to the same standard name (the canonical name), is referred to as canonicalization.
Code is particularly susceptible to canonicalization issues if it makes security decisions based on the name of a resource
that is passed to the program as input. Files, paths, and URLs are resource types that are vulnerable to canonicalization
because in each case there are many different ways to represent the same name. File names are also problematic.
Ideally, your code does not accept input file names. If it does, the name should be converted to its canonical form prior
to making security decisions, such as whether access should be granted or denied to the specified file.
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:07 EDT