On Tue, 29 Sep 2020 16:59:34 -0700, Charles Mills <charl...@mcn.org> wrote:
>Applications should not "validate" filenames before attempting to open or
>create a file. Present the name to the file system API and report any error
>back to the user. Application filename validation is what leads to these
>inconsistencies.

I will strongly agree with that, Charles. It goes along with not trying to pre-check the security results of something like opening or creating a file. They should just try to take the action as requested by the user, and if the system fails the operation they should report the failure. There are too many possibilities of error in trying to duplicate the security requests the system will make anyway, which could lead to either false positive or false negative results, or compromise auditing. Let the component that is responsible for the security make the security decision.

--
Walt

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
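The point made in this thread, as an added example that is not part of the original posts: an application-side filename rule is compared with what the file system itself answers when the create is simply attempted. `APP_RULE`, the function names and the sample names are hypothetical, and the sketch assumes a POSIX file system under the temporary directory.

```python
import errno
import os
import re
import tempfile

# Hypothetical application rule of the kind the thread argues against.
APP_RULE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def app_validates(name):
    """The application's own guess at whether the name is acceptable."""
    return bool(APP_RULE.match(name))


def try_create(directory, name):
    """Present the name to the file system and return (ok, error_text)."""
    path = os.path.join(directory, name)
    try:
        # O_EXCL: the file system also decides whether the name is already taken.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError as exc:
        code = errno.errorcode.get(exc.errno, exc.errno)
        return False, f"{code}: {exc.strerror}"
    os.close(fd)
    return True, ""


def compare(names):
    """Map each name to (app_verdict, fs_verdict, fs_error) in a scratch directory."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        for name in names:
            ok, err = try_create(scratch, name)
            results[name] = (app_validates(name), ok, err)
    return results


if __name__ == "__main__":
    # Constructed sample names: one plain, one with a space, one that is ".".
    for name, (app_ok, fs_ok, err) in compare(["notes.txt", "report 2020.txt", "."]).items():
        print(f"{name!r}: app={app_ok} fs={fs_ok} {err}")
```

The name with a space is refused by the application rule although the file system creates it, and `.` passes the rule although the create fails; only the error returned by the file system is accurate in both cases.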