Do you know of any other OS that *does* work that way? If not, then
pretty much every platform on the net except Unix and Dos based ones
qualify. I've seen numerous claims that the most common server on the
is running on neither Unix nor DOS. Of course, server authors for
those platforms will probably just ignore this restriction, as they
have no reason to deal with it.
> (side note: MS has implemented "..." and "...." in Win95 for
> referencing up two- and three- levels respectively. I don't know about
> NT, but if it's not in there now it soon will be. A check for ".."
> would obviously catch this as well.)
So you're arguing that the string ".." anywhere in the path - not just
as a path componenet - ought to be illegal? Is there any point in this
other than letting incompetent programmers blame the client if their
system is broken into?
Seriously, what is the point of this? Competent programmers on boxes
that add special meaning to any path component will deal with it in
the server whether it's illegal or not. Making it illegal isn't any
more likely to make incompetent programmers check for it than a
warning. Programmers for other boxes will ignore it. Should clients
refuse to send it if it shows up in a document? Should your email
address show up in the error message so users can go direct to you for
an explanation?
<mike