On 26.06.2012 20:56, Thomas Mueller wrote:
> I think it's more secure to whitelist known good characters (a-z, A-Z,
> _, 0-9) than to blacklist known bad ones, as you can't be completely
> sure which are the bad ones.

It all depends.
If you don't pass the inputs to any command-line shell, you're fine.
If you make sure that every input ever passed to a command line shell goes through a solid(!) shell-escaping library, and know what shell is going to handle the commands, you're still fine. You also need to know what the filesystem will accept, but if you hit a limit there, that's not a security hole, just a failed file creation operation (a condition that should be tested for, of course, to avoid having bugs that might become exploits).

Of course, you want to have something like prepared statements.
And be 150% sure that the escaping library is 150% correct.
You need to plan for security.

But only if you accept remote input that might be interpreted as filesystem paths.

>>> Isn't this a security problem?
>> Not for my use case, where the db is created by a local user within
>> his home directory :-)
>
> You need to make sure things like "./../../test" is not allowed.

Eh, nope. It's a _local_ user. These can access ./../../test anyway.

Regards,
Jo
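The two checks discussed in this thread, as an added example in Python (not code from the thread, from Jo or from H2): a whitelist of a-z, A-Z, 0-9 and _ for the remote-input case, a canonical-path containment check that rejects "./../../test", and standard-library shell quoting for the case where a validated name still has to reach a POSIX shell. The base directory /srv/h2 is a constructed placeholder.

```python
import re
import shlex
from pathlib import Path
from typing import Optional

# Added example (not from the thread or H2): the known-good character set from the discussion.
DB_NAME_RE = re.compile(r"[A-Za-z0-9_]+")


def is_whitelisted_name(name: str) -> bool:
    """Whitelist check: accept a name only if every character is known good.
    Path separators, dots, quotes and shell metacharacters are rejected as a side effect."""
    return DB_NAME_RE.fullmatch(name) is not None


def resolve_inside(base_dir: str, user_path: str) -> Optional[Path]:
    """Containment check for the case where relative paths are accepted from a
    remote caller. Joins user_path to base_dir, canonicalises the result and
    returns it only if it is still inside base_dir. './../../test' and absolute
    paths such as '/etc/passwd' (which Path() lets override the base) return None."""
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def shell_safe_argument(name: str) -> str:
    """Only if a validated name must still be handed to a shell: use the standard
    library's escaping rather than hand-rolled rules. shlex.quote is POSIX-sh
    specific, matching the thread's point that you must know which shell parses it."""
    return shlex.quote(name)


if __name__ == "__main__":
    base = "/srv/h2"  # constructed placeholder directory
    for raw in ("test_db1", "./../../test", "/etc/passwd", "sub/test"):
        print(f"{raw!r}: whitelist={is_whitelisted_name(raw)} "
              f"contained={resolve_inside(base, raw)}")
```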

--
You received this message because you are subscribed to the Google Groups "H2 Database" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/h2-database?hl=en.