[CSHARP-325] MongoDatabase.ValidateDatabaseName() check for invalid characters is too soft. Created: 15/Sep/11 Updated: 02/Apr/15 Resolved: 29/Sep/11 |
|
| Status: | Closed |
| Project: | C# Driver |
| Component/s: | None |
| Affects Version/s: | 1.2 |
| Fix Version/s: | 1.3 |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Roman Kuzmin | Assignee: | Robert Stam |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Description |
|
That is what it uses as invalid characters: ) != -1) { ... Apparently this is not enough. For example it allowed me to create a database "*" and even add a collection and some data. Nothing was found on my disk, indeed, and no exceptions were thrown. As far as database names are used as parts of file system names, more characters should be added to invalid. Perhaps System.IO.Path.GetInvalidFileNameChars() is too much but at least some of them like <>?*|": are candidates. |
| Comments |
| Comment by Roman Kuzmin [ 30/Sep/11 ] |
|
After your remarks and on the second thought I think you are right. I forgot that it opens existing or creates a new database... |
| Comment by Robert Stam [ 30/Sep/11 ] |
|
While it is true that a "database" is only created once on the server, on the client side a "MongoDatabase" instance is always created, and as part of the creation of that client side proxy the name is validated. So I think the caching is valid as it will always be used at least once (and more than once if your program accesses multiple databases). While it could be lazily initialized, in the end it will always be created, so it's just easier to initialize it up front. The only way it wouldn't be needed is if you write a program that doesn't access a database, but that seems unlikely... |
| Comment by Roman Kuzmin [ 30/Sep/11 ] |
|
Robert, I would not cache `invalidDatabaseNameChars` in a way it is done. It is now I would not use this cache at all. But if this cache makes sense then it is (sorry for been a boring perfectionist, just in case |
| Comment by Robert Stam [ 29/Sep/11 ] |
|
None of the characters in Path.GetInvalidPathChars or Path.GetInvalidFileNameChars should be allowed in database names because database names end up being used as directory and/or file names. In addition MongoDB itself specifies that '\0', ' ', '.', '$', '/' and ' |