Comments on: Why use Unicode? http://lindsve.net/2006/05/27/why-use-unicode/ my own little space on the net Wed, 07 Jan 2009 00:30:51 +0000 http://wordpress.org/?v=2.5.1 By: Geir-Tore http://lindsve.net/2006/05/27/why-use-unicode/#comment-48 Geir-Tore Fri, 02 Jun 2006 08:03:24 +0000 http://www.lindsve.net/2006/05/27/why-use-unicode/#comment-48 <p>Security issues are obviously a consideration to take when using Unicode, or more specifically, when implementing support for Unicode. For character representations (XML/HTML, etc) UTF-8 is the most common Unicode scheme, and during the updates of the Unicode specification there have been numerous restrictions made on implementations of this scheme. Considering the article by Schneier, one way is to restrict the size of the character sequences which are parsed, such that illegal sequences can be ignored. This is also a requirement set by the Unicode Standard.</p> <p>Here are some additionally links with information related to Unicode and security aspects:</p> <ol> <li><a href=\\\"http://www.unicode.org/reports/tr36/\\\" rel=\\\"nofollow\\\" rel=\"nofollow\" rel="nofollow">Unicode Security Considerations</a></li> <li><a href=\\\"http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/character-encoding.html\\\" rel=\\\"nofollow\\\" rel=\"nofollow\" rel="nofollow">Secure Programming for Linux and Unix HOWTO</a></li> <li><a href=\\\"http://www.cl.cam.ac.uk/~mgk25/unicode.html\\\" rel=\\\"nofollow\\\" rel=\"nofollow\" rel="nofollow">UTF-8 and Unicode FAQ for Unix/Linux</a></li> </ol> Security issues are obviously a consideration to take when using Unicode, or more specifically, when implementing support for Unicode. For character representations (XML/HTML, etc) UTF-8 is the most common Unicode scheme, and during the updates of the Unicode specification there have been numerous restrictions made on implementations of this scheme. Considering the article by Schneier, one way is to restrict the size of the character sequences which are parsed, such that illegal sequences can be ignored. This is also a requirement set by the Unicode Standard.

Here are some additionally links with information related to Unicode and security aspects:

  1. Unicode Security Considerations
  2. Secure Programming for Linux and Unix HOWTO
  3. UTF-8 and Unicode FAQ for Unix/Linux
]]> By: Roger http://lindsve.net/2006/05/27/why-use-unicode/#comment-47 Roger Fri, 02 Jun 2006 07:35:23 +0000 http://www.lindsve.net/2006/05/27/why-use-unicode/#comment-47 <p>There may well be some benefits from using Unicode, but let's not forget about the drawbacks: http://www.schneier.com/crypto-gram-0007.html#9</p> There may well be some benefits from using Unicode, but let’s not forget about the drawbacks:
http://www.schneier.com/crypto-gram-0007.html#9

]]>