[CSHARP-325] MongoDatabase.ValidateDatabaseName() check for invalid characters is too soft. Created: 15/Sep/11  Updated: 02/Apr/15  Resolved: 29/Sep/11

Status: Closed
Project: C# Driver
Component/s: None
Affects Version/s: 1.2
Fix Version/s: 1.3

Type: Improvement Priority: Minor - P4
Reporter: Roman Kuzmin Assignee: Robert Stam
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible

 Description   

That is what it uses as invalid characters:
if (name.IndexOfAny(new char[]

{ '\0', ' ', '.', '$', '/', '\\' }

) != -1) { ...

Apparently this is not enough. For example it allowed me to create a database "*" and even add a collection and some data. Nothing was found on my disk, indeed, and no exceptions were thrown.

As far as database names are used as parts of file system names, more characters should be added to invalid. Perhaps System.IO.Path.GetInvalidFileNameChars() is too much but at least some of them like <>?*|": are candidates.



 Comments   
Comment by Roman Kuzmin [ 30/Sep/11 ]

After your remarks and on the second thought I think you are right. I forgot that it opens existing or creates a new database...

Comment by Robert Stam [ 30/Sep/11 ]

While it is true that a "database" is only created once on the server, on the client side a "MongoDatabase" instance is always created, and as part of the creation of that client side proxy the name is validated. So I think the caching is valid as it will always be used at least once (and more than once if your program accesses multiple databases).

While it could be lazily initialized, in the end it will always be created, so it's just easier to initialize it up front. The only way it wouldn't be needed is if you write a program that doesn't access a database, but that seems unlikely...

Comment by Roman Kuzmin [ 30/Sep/11 ]

Robert,
I think you made the best decision. Thank you.

I would not cache `invalidDatabaseNameChars` in a way it is done. It is now
always created. In any session, because any session requires a database. But
how many sessions actually *create* databases? If it is not testing or
development scenario then basically 0 in most cases or a little in some other
cases. Still, we make this cache of invalid characters *always*.

I would not use this cache at all. But if this cache makes sense then it is
better be created only on demand when it is really needed (lazy), not always.

(sorry for been a boring perfectionist, just in case )

Comment by Robert Stam [ 29/Sep/11 ]

None of the characters in Path.GetInvalidPathChars or Path.GetInvalidFileNameChars should be allowed in database names because database names end up being used as directory and/or file names. In addition MongoDB itself specifies that '\0', ' ', '.', '$', '/' and '
' are not allowed.

Generated at Wed Feb 07 21:36:29 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.