On September 27, 2018 2:55:56 PM PDT, Stephen Frost <sfrost@snowman.net> wrote:
>Greetings,
>
>* Andres Freund (andres@anarazel.de) wrote:
>> On 2018-09-27 17:41:56 -0400, Stephen Frost wrote:
>> > Of course, if I'm missing something as to why the ascii-cleaning
>makes
>> > sense or is necessary, I'm all ears, but I'm just not seeing it.
>>
>> There's many reasons. For example you can send terminal control
>> characters to the server. When somebody then looks at the log, you
>can
>> screw with them pretty good, unless they're always careful to go
>through
>> less (without -r). We should be *more* not *less* careful about this
>> kind of hting.
>
>I seriously doubt we're going to start stripping usernames down to
>ASCII
>for them to be displayed in the log file.
So? As you say, they are much more control from the a admins of the server. I guess at some point we should have more
expansivewhitelisting than just ASCII, but that seems separate.
Andres
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.