Chapter 14
Internationalization Issues
No doubt you know that the world is a very small place and that software that recognizes languages other than United States English is important. Here's the problem: if you think you know what a character is in a language other than English, you are probably mistaken. Most character set encodings, including Unicode, are evolving. This inherent fuzziness can threaten software security. The rest of this short chapter, based on information learned during Microsoft's Windows Security Push, describes some of the threats related to internationalization, suggests ways to avoid them, and touches on some other general security best practices.
NOTE
You'll often see the term I18N when working with foreign language software. I18N means internationalization (in which the letter I is followed by 18 characters and then the letter N).
This chapter does not cover general globalization best practices except as they affect security. It's also assumed that you have read Chapter 10, "All Input Is Evil!" and Chapter 11, "Canonical Representation Issues." Once you've read this chapter, I hope you'll quickly realize that someone in your group should own the security implications of I18N issues in your applications. Now I'll explain why.