Explained – Canonicalization
J.D. Meier, Keith Brown, Prashant Bansode
Microsoft Corporation
November 2007
This video module shows you how to avoid input and data validation security issues related to path validation.
- Use Access Control Lists (ACLs) and impersonation to control access to resources, instead of pathname comparisons.
- Use MapPath to restrict physical file paths to the current virtual directory.
The video is a small WMV file, available for streaming or download:
- Explained – Canonicalization (Length: 8:43 - Size: 7.00 MB)
- Design Guidelines for Secure Web Applications (See "Input Validation" section)
- Architecture and Design Review for Security (See "Input Validation" section)