Re: Canonicalization
From: Peter Conrad (conrad at tivano.de)
Date: Fri Apr 21 2006 - 02:19:04 CDT
Hi,
On Thu, Apr 20, 2006 at 10:22:18PM -0400, Rossen Raykov wrote:
>
> Is that "simplest form" achievable? One can perform many and different
> encodings, making the task of decoding them very difficult and resource
> consuming. Usually it is cheaper and safer to do a semantic checkup and
> treat the input as erroneous if it does not conform to the expected
> input format.
you're comparing apples with oranges here. You must perform canonicalization
*before* you can match the input against the expected format.
> For example, if you are expecting a number, anything different from a number
> is an error.
Here are some different representations of the same number:
11
+11
11.0
11.00
011
All of these should pass as numbers. But if you want to check if the
number is in a specific range, you must canonicalize it first. E. g.
some programming languages treat numbers with leading 0 as octal numbers,
which means that "011" is actually 9, not 11. Canonicalization prevents
that kind of confusion.
Bye,
Peter
--
Peter Conrad Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH Fax: +49 6102 / 80 99 071
Bahnhofstr. 18 http://www.tivano.de/
63263 Neu-Isenburg
Germany
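The leading-zero confusion Peter describes, as an added example in C (this is not code from the post or from tivano; the function names and the test strings are mine). C is used because strtol() with base 0 follows C literal syntax, so a leading 0 selects octal and "011" parses as 9. The canonicalizing parser beside it reduces every form in Peter's list (11, +11, 11.0, 11.00, 011) to the same decimal value, rejects forms outside that list, and only then applies the range check:

```c
#include <ctype.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* The confusion described in the post: strtol() with base 0 applies C
 * literal rules, so a leading 0 selects octal and "011" yields 9. */
long naive_parse(const char *s)
{
    return strtol(s, NULL, 0);
}

/* Canonicalize a decimal integer written as 11, +11, 11.0, 11.00 or 011
 * to a single long. Returns false for anything else: hex ("0x11"),
 * exponents ("1e1"), non-zero fractions ("11.5"), a bare "11.",
 * surrounding whitespace, trailing junk, the empty string, or overflow. */
bool canonical_int(const char *s, long *out)
{
    const char *p = s;
    bool neg = false;
    long v = 0;

    if (*p == '+' || *p == '-') {
        neg = (*p == '-');
        p++;
    }
    if (!isdigit((unsigned char)*p))          /* at least one digit required */
        return false;
    for (; isdigit((unsigned char)*p); p++) { /* leading zeros are just zeros */
        int d = *p - '0';
        if (v > (LONG_MAX - d) / 10)          /* would overflow */
            return false;
        v = v * 10 + d;
    }
    if (*p == '.') {                          /* fraction allowed only if all zeros */
        p++;
        if (*p != '0')
            return false;
        while (*p == '0')
            p++;
        if (isdigit((unsigned char)*p))
            return false;
    }
    if (*p != '\0')                           /* anything left over is junk */
        return false;

    *out = neg ? -v : v;
    return true;
}

/* Convenience wrapper: the canonical value, or 'fallback' if the input is rejected. */
long canonical_or(const char *s, long fallback)
{
    long v;
    return canonical_int(s, &v) ? v : fallback;
}

/* The range check is made on the canonical value, never on the raw string. */
bool in_range(const char *s, long lo, long hi)
{
    long v;
    return canonical_int(s, &v) && v >= lo && v <= hi;
}

int main(void)
{
    /* The five representations from the post, plus a few that must be rejected
     * (constructed inputs). */
    const char *inputs[] = {"11", "+11", "11.0", "11.00", "011", "0x11", "1e1", "11.5"};
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        long v;
        if (canonical_int(inputs[i], &v))
            printf("%-6s strtol(base 0)=%ld canonical=%ld in [10,12]=%s\n",
                   inputs[i], naive_parse(inputs[i]), v,
                   in_range(inputs[i], 10, 12) ? "yes" : "no");
        else
            printf("%-6s strtol(base 0)=%ld rejected\n",
                   inputs[i], naive_parse(inputs[i]));
    }
    return 0;
}
```

Note that a whitelist regex on the raw string such as ^[0-9]+$ would accept "011" and still hand it to whatever parser sits downstream; whether that parser reads it as 9 or 11 is exactly the ambiguity canonicalization removes.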