1 Replies - 364 Views - Last Post: 16 June 2011 - 05:50 PM

#1 creativecoding  Icon User is offline

  • Hash != Encryption
  • member icon


Reputation: 927
  • View blog
  • Posts: 3,209
  • Joined: 19-January 10

Directory rules

Posted 16 June 2011 - 04:58 PM

I'm working on a little project that uses directories named after users. I want to be able to forbid certain things to rule out possible hackers and weird errors.

So far I know that ../ and / is bad, so I blocked that. But are there any other characters I shouldn't allow? Also, what's the max character limit for a directory?
Is This A Good Question/Topic? 0
  • +

Replies To: Directory rules

#2 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3719
  • View blog
  • Posts: 5,994
  • Joined: 08-June 10

Re: Directory rules

Posted 16 June 2011 - 05:50 PM

Hey.

Assuming it's a Linux server, of the top of my head: ~ is a /home/username shortcut; . is used to hide files/folders when set as the first char of the name.

However, personally I would use a white-list approach rather than a black-list. I'd just start with [a-zA-Z0-9-_'], and then add to that what I felt is needed. Much safer to list all characters likely to be included, rather than try to figure out all characters that might cause problems.

Actually, I would try to avoid this altogether, and instead store the names themselves in a database and create directories using a unique ID. But I get that it may not always be a possibility. (I would go out of my way to make it available, though.)

creativecoding said:

Also, what's the max character limit for a directory?

Depends on the file-system. Most commonly used file-systems, like FAT32, NTFS and the ext systems, have a 255 (256 for ext4) character limit on filenames (and by extension, directory names).

There is a pretty comprehensive list available on Wikipedia:
- Comparison of file systems
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1