Women in Technology

Hear us Roar



Article:
  A Canary Trap for URI Escaping
Subject:   Good practice?
Date:   2006-02-26 23:39:00
From:   dumky
This looks interesting, but I would think it's better for validating that the string was parsed and unescaped properly, rather than figuring out how many unescapings should take place.
It seems this technique would tend to encourage sloppy formatting, rather than good understanding of the proper structure.


I'd also be concerned about security implications: services that integrate with the auth service might parse things differently than the auth service itself...