A fork of the profile library code....

Jeffrey Hutzelman jhutz at cmu.edu
Thu Jan 5 11:34:33 EST 2006 


On Thursday, January 05, 2006 10:10:54 AM -0500 Joseph Calzaretta 
<saltine at mit.edu> wrote:

> The [appdefaults] section has tag names which are supposed to be
> application names.  On Windows & Mac systems, at least, an
> application name may contain a space.  I know Windows allows equal
> signs in file names.  I don't know if it would actually end up
> happening in practice where someone would want such a program in
> their [appdefaults] section, but it's a possibility.

Ahh, but tags in [appdefaults] are just that - tags.  They are not 
filenames, and an application shouldn't decide what tag to use (or anything 
else) based on its own filename.  I don't think it's a serious problem that 
tag names have a more limited namespace than do filenames.

> Also, I hear tell of an eventual move toward IDN names, and Unicode
> encodings.  Depending on the encoding chosen for the profile
> configuration file, it's possible that the realm names in [realms]
> may contain weird characters which may or may not conflict with some
> of the special characters we're using.  Again, not sure if this would
> occur in practice.  Most of the ways I can think of for that to go
> down wouldn't end up introducing spaces or equal signs.  But who knows.

IDN isn't going to make this problem any worse than it already is.  Its 
stringprep profile doesn't admit non-ASCII whitespace, so there are no new 
space characters to worry about.  All of our special characters are ASCII, 
and so already permitted in domain names.  And the punycode encoding used 
for encoding IDN names as ASCII uses only characters already common in 
domain names, none of which are special to the parser.

If you're going to be concerned about special characters in realm names, 
I'd worry about them as tag names, not section names.  While Ted's parser 
may not currently handle it, it should be fairly easy to treat the [] 
around a section name as quotes, though I think it would be a mistake not 
to strip at least leading and trailing whitespace.  But tag names have no 
natural quoting, and while not commonly used, there is a well-defined class 
of realm names which must contain at least one equal.

-- Jeff

More information about the krbdev mailing list