Re: Vague ASP Vulnerability in WebSite and Netscape NT Servers

• To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
• Subject: Re: Vague ASP Vulnerability in WebSite and Netscape NT Servers
• From: Jonathan Pryor <jonpryorVT.EDU>
• Date: Tue, 30 Jun 1998 07:10:21 -0400
• In-Reply-To: <199806301054.GAA23416listserv.vt.edu>
• Reply-To: Jonathan Pryor <jonpryorVT.EDU>
• Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

<comments inline>

<snip>

> Interesting - I just tested this, and NT does indeed create a
> file named
> "foo" if told to create a file named "foo   ".  It will also
> subsequently
> open the "foo" file if told to open "foo   ".  I don't find
> where this is
> documented behavior.  The bug is similar to the 8.3 problem
> seen in IIS a
> while back, and is probably the same sort of thing that
> caused the .asp.
> problem, too.
>

Actually, this *is* documented behavior.  According to the Windows
Guidelines for User Interface Design (both in paperback and buried
on the Microsoft web site), this observed behavior is
suggested/mandated -- as a usability "feature".  When opening/saving
a file, all leading/trailing spaces are removed from the file name
when opening the file.

Try it from explorer or any other Windows program -- it's not
possible to have trailing spaces in the file name.
(They claim that it's too difficult for the user to distinguish
between files with and without trailing spaces; I see their point,
actually)

<snip>
>
> David LeBlanc
> dleblancmindspring.com

Jon Pryor
jonpryorvt.edu

• Prev by Date: Re: Vague ASP Vulnerability in WebSite and Netscape NT Servers
• Next by Date: Re: Vague ASP Vulnerability in WebSite and Netscape NT Servers
• Prev by thread: Re: Vague ASP Vulnerability in WebSite and Netscape NT Servers
• Next by thread: Re: Vague ASP Vulnerability in WebSite and Netscape NT Servers
• Index(es):
  • Date
  • Thread