[Devel] case sensitiveness in permissions module
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Jan 11 10:12:09 CET 2007
Bogdan-Andrei Iancu wrote:
> Hi Klaus,
>
> depends on the purpose of the regexp - if they are to be used for
> matching some case sensitive data, it this case REG_ICASE should not be
> used. For example if you apply regexp on a SIP URI, the username part
> may be case sensitive.......but not sure what the regexp is used for ...
really? does openser differ between klaus at domain and KLAUS at domain during
save() and lookup()?
I just checked: KLAUS at domain works fine too. It looks like the name is
changed to lower case during save()
> do you have any clue?
My concern was if a user can bypass my permission screening by using
capital letters. If the other parts of openser are not case sensitive,
IMO the regexp should be case insensitive too (at least if not
explicitly forced via a module parameter)
regards
klaus
>
> regards,
> Bogdan
>
> Klaus Darilion wrote:
>
>> Hi!
>>
>> I found that regcomp in permissions module does not always use the
>> REG_ICASE flag. Thus is it necessary to write the regular expression
>> in the allow/deny file with respect to case sensitiveness?
>>
>> regards
>> klaus
>>
>>
>
--
Klaus Darilion
nic.at
More information about the Devel
mailing list