On Mon, 12 Oct 2015 17:29:13 +0200
Philippe Verdy <verdy_p_at_wanadoo.fr> wrote:
> But between two implementations
> the result of the scanner could still be different because the
> replacement character is not specified. If that result "sanitized"
> string is then used to generate an URI, the URI is also unpredictable
> and will vary between implementations, as well as its effective
> length. If it is used to generate an identifier granting some new
> access, such as a user name, several new user names could be
> generated from the same input.
TUS 8.0 Section 3 Requirement C10 has the following, wise words in its
final paragraph:
"However, such repair of mangled data is a special case, and it must
not be used in circumstances where it would cause security problems."
Richard.
Received on Mon Oct 12 2015 - 15:25:12 CDT
This archive was generated by hypermail 2.2.0 : Mon Oct 12 2015 - 15:25:13 CDT