On Tue, 29 Sep 2020 19:58:06 -0500, Paul Gilmartin <paulgboul...@aim.com> wrote:
>On Tue, 29 Sep 2020 16:59:34 -0700, Charles Mills wrote: > >>Applications should not "validate" filenames before attempting to open or >>create a file. Present the name to the file system API and report any error >>back to the user. Application filename validation is what leads to these >>inconsistencies. >> >I'll emphasize that. Applications and UIs should not modify filenames -- add >blanks; >remove blanks; change case, etc. A related problem arose a while ago when the >requirement (possibly delusional) for mixed-case passwords appeared. Many >applications which though they were doing a users a favor by converting >passwords >to upper case had to be modified. The operation should always have been left >to >the security product. RACF required applications to present the password in upper-case, so the applications were not at fault for doing so. Blame RACF for that one. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN