> >While testing IIS security, I was able to locate an old flaw which is > >still present in many server services on Win32. The problem deals > >with a compatibility issue with the old Win16/DOS file naming system > >known as the 8.3 naming system. > > One well-known workaround for this issue that will take care of this > problem, regardless of the server software, is to disable 8.3 filenames. Does this break the GetShortPathName function? This converts long file names in the 8.3 equivalent. The catch is that Microsoft recommend using the 8.3 name when registering COM servers (due to a bug in CreateProcess when there is a space in the server's directory path or file name). So you may not be able to register any COM servers on this partition (which may not be a bad thing... :-) Kenn
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:53 PDT