|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Re: Canonicalization
From: Mariusz Pêkala (skoot
qi.pl)
Date: Thu Apr 13 2006 - 14:24:12 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2006-04-13 07:17:57 -0000 (Thu, Apr), susam_palyahoo.co.in wrote:
> I am writing some examples. Please tell me if these are the examples
> of Canonicalization.
>
> 1. When an web application gets parameters from a GET request or POST
> request, and if that parameter is going to be used as a part of an SQL
> query, then the programmer must take care to convert the single-quote
> (') to two single-quotes('') for Oracle Database in order to prevent
> SQL injection. Is this canonicalization?
>
> 2. Take a guestbook of a site. The feedback given is going to appear
> back in the web-page. Here we need to take care that things like
> "<font>" should be converted to ">font<" before it appears on
> the page. Is this a case of canonicalization?
I suppose, no. These are examples of ... err.. escaping or quoting.
Canonicalization would be, for example, ensuring that ' is changed
to single quote, or removing backslashes from places where they are not
needed - <f\ont> => <font>
See http://en.wikipedia.org/wiki/Canonicalization
--
No virus found in this outgoing message.
Checked by "grep -i virus $MESSAGE"
Trust me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEPqVcIzblgXdKMIURAtjYAKDJYKM1CCHr0F3MFsdod0vbGAbbHgCeOU9f
go7RwhunIGoImEOw8U+nZoc=
=odYs
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]