From: Henry Spencer (henry@spsystems.net)
Date: Thu Jul 04 2002 - 11:57:01 CDT

On Thu, 4 Jul 2002, Charles Lindsey wrote:
> >So, of course, the fix that everyone is enthused about is neither the
> >obvious one nor the best one: forbid overlong sequences!
>
> I don't see why that is not "the best".

It's the best if you believe that the problem is multiple representations
of characters. It is not the best if you believe that the problem is a
higher-level design defect: the attempt to prevent unsafe actions by
intercepting character sequences which might provoke them, as opposed to
building safeguards into the software that interprets the sequences (so
that it will not attempt unsafe actions no matter how they are provoked).

Henry Spencer
henry@spsystems.net
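
The design contrast drawn in this message, as an added example that is not part of the original post: a byte-sequence filter placed in front of a permissive decoder, next to a safeguard placed in the code that interprets the path. The root directory, the function names, the simplified decoder and the sample input are all assumptions constructed for illustration.

```python
import posixpath

ROOT = "/srv/www"  # hypothetical document root

# Constructed sample: 0xC0 0xAF is an overlong two-byte encoding of "/".
CONSTRUCTED_INPUT = b"..\xc0\xafprivate\xc0\xafnotes.txt"


def lenient_utf8_decode(data: bytes) -> str:
    """Decode 1- and 2-byte UTF-8 without rejecting overlong forms.
    Models a permissive decoder; it is not a full UTF-8 implementation."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(data) and data[i + 1] & 0xC0 == 0x80:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            raise ValueError("byte sequence not handled by this sketch")
    return "".join(out)


def resolve(raw: bytes) -> str:
    """The interpreter: decode the request and turn it into a file path."""
    return posixpath.normpath(posixpath.join(ROOT, lenient_utf8_decode(raw)))


def filter_then_resolve(raw: bytes) -> str:
    """Interception: look for a known-bad byte sequence, then trust the input."""
    if b"../" in raw:
        raise PermissionError("blocked by sequence filter")
    return resolve(raw)


def safeguarded_resolve(raw: bytes) -> str:
    """Safeguard in the interpreter: refuse any result outside ROOT,
    whatever spelling of the request produced it."""
    resolved = resolve(raw)
    if posixpath.commonpath([ROOT, resolved]) != ROOT:
        raise PermissionError("resolved path leaves the document root")
    return resolved


if __name__ == "__main__":
    print("filter lets through:", filter_then_resolve(CONSTRUCTED_INPUT))
    try:
        safeguarded_resolve(CONSTRUCTED_INPUT)
    except PermissionError as exc:
        print("safeguard refuses:", exc)
```

Forbidding overlong sequences in the decoder would close this one spelling; the containment check also refuses an absolute path or any other form that resolves outside the root.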