Comment 5 for bug 903232

Thierry Carrez (ttx) wrote:

I'm still a bit confused with your description of the impact.

> command injection (quotation marks allowed as part of folder name)
This sounds like an issue that would be triggered in client tools that do not escape characters, not in Swift. Do you confirm? If yes, then I agree with John that it sounds like an optional additional layer of security rather than a vulnerability in Swift.

> risk of Swift storage corruption (account and container servers don't check input parameters for length, quotation marks)
Could you elaborate on that one? I'm failing to grasp the attack vector and exact impact.

> negative content length (req.content_length isn't checked to see if it is < -1)
What is the impact of this one? How can it be exploited and to what effect?
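The three quoted points all describe input checks the reporter says are missing (length and quotation marks in account/container names, and a negative Content-Length). The following is an added example, not code from Swift or from either participant in this thread, showing what such a validation layer looks like when applied before a request's values reach storage or any downstream tooling. The limits, the forbidden-character set, the `/v1/<account>/<container>` path layout and every function name are assumptions made for the illustration; the example rejects any negative Content-Length, which is stricter than the `< -1` check quoted above.

```python
"""Added example (not Swift's code): a small request-validation helper
illustrating the checks the quoted bug report says are missing."""

import re

# Assumed limit for the illustration; the real limit is a deployment setting
# and is not taken from this page.
MAX_NAME_LENGTH = 256

# Characters refused in account/container names for this example:
# single and double quotation marks (the concern quoted in the bug) plus
# ASCII control characters.
FORBIDDEN_NAME_CHARS = re.compile(r'["\'\x00-\x1f\x7f]')


class ValidationError(ValueError):
    """Raised when a request fails one of the checks."""


def parse_content_length(headers):
    """Return Content-Length as a non-negative int, or None if absent.

    Non-numeric and negative values are rejected here instead of being
    handed to code that may use them for buffer sizing or arithmetic.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("content-length")
    if raw is None:
        return None
    raw = raw.strip()
    # int() would happily accept "-5" or "+3"; require plain decimal digits.
    if not raw.isdigit():
        raise ValidationError("Content-Length must be a non-negative integer: %r" % raw)
    return int(raw)


def validate_name(kind, name):
    """Check one path component (an account or container name)."""
    if not name:
        raise ValidationError("%s name is empty" % kind)
    if len(name.encode("utf-8")) > MAX_NAME_LENGTH:
        raise ValidationError("%s name longer than %d bytes" % (kind, MAX_NAME_LENGTH))
    if FORBIDDEN_NAME_CHARS.search(name):
        raise ValidationError("%s name contains a forbidden character" % kind)
    return name


def validate_request(path, headers):
    """Validate '/v1/<account>/<container>[/<object>]' plus the headers.

    Returns (account, container, content_length) on success and raises
    ValidationError otherwise.  The path layout is an assumption of this
    example.
    """
    parts = path.split("/", 4)  # ['', 'v1', account, container, rest...]
    if len(parts) < 4 or parts[0] != "" or parts[1] != "v1":
        raise ValidationError("unexpected path layout: %r" % path)
    account = validate_name("account", parts[2])
    container = validate_name("container", parts[3])
    return account, container, parse_content_length(headers)


def check(path, headers):
    """Wrapper returning either the validated tuple or a 'rejected: ...' string."""
    try:
        return validate_request(path, headers)
    except ValidationError as exc:
        return "rejected: %s" % exc


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("/v1/AUTH_test/photos", {"Content-Length": "12"}),
        ("/v1/AUTH_test/photos/a.jpg", {}),
        ("/v1/AUTH_test/photos", {"Content-Length": "-5"}),
        ('/v1/AUTH_test/my"container', {}),
        ("/v1/AUTH_test/" + "a" * 257, {}),
    ]
    for sample_path, sample_headers in samples:
        print(sample_path[:40], "->", check(sample_path, sample_headers))
```

Running the module prints one line per constructed sample; the first two are accepted and the remaining three are rejected with the reason.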