Best practice
Richard Thomas
richard.thomas at PSYSOLUTIONS.COM
Thu Oct 13 22:10:18 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Rabellino Sergio wrote:
> Ho do you feel about mycode.c.old or mydocs.tar.gz, or
> mydata.20051009.txt ???
>
> It's hard tell anyone that he can't send a project in development to
> someone else because there are double dotted filenames, without
> concerning
> the real content.
>
> This was the start point for our discussion, then my doubt on that
> rule. Could be a 'better performance' rule, but there are real
> attacks catched ONLY by that rule ?
>
> For now i've not found any attacks singularly catched by the
> double-dot rule, but...
>
I've been wondering about this myself. I mean sure, block report.doc.exe
and hotpic.jpg.pif but is anything really gained by blocking the
examples listed by the previous poster? And I mean don't just do some
handwaving about "extra security", I'd like to see a real explanation of
the gain and preferably a couple of examples.
Rich
--
MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787
840 Crescent Ctr Dr | |Fax: +1 615 312 5711
Suite 460 +---------------------------+----------------------
Franklin, TN 37067 |Support: helpdesk at psysolutions.com +1 615 312 5888
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list