Preventing directory traversal in programs
I'm writing a server program for Linux where the client gives a username, which is used to construct a path (i.e. /spool/<user>/), which is used in functions like fopen, scandir, etc.
If there are no restrictions on the username, someone could traverse to a different directory, i.e. /spool/../../etc/
To prevent this happening I have denied the use of a forward slash ('/' -- I think it's a forward slash, or is it a bs? -- can't remember).
Is this all I need to do to make the server secure? Or is there some other way of doing a directory traversal without the '/'?
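
An added example, not part of the original post: validating the username as a single path component with an allowlist instead of only rejecting '/', since the name `..` contains no slash yet still makes /spool/../ resolve to the parent directory. The function names, the 32-byte limit, the allowed character set and the length-based interface (so an embedded NUL byte from the client is rejected rather than silently truncating the name) are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define SPOOL_ROOT "/spool"  /* spool root as in the post's example path */
#define MAX_USER_LEN 32      /* assumption: hypothetical length limit */

/* Return 1 if the len bytes at buf are safe as ONE path component, else 0.
   Allowlist: [A-Za-z0-9_.-], no leading '.', so ".", ".." and NUL all fail. */
int username_is_safe(const char *buf, size_t len)
{
    if (buf == NULL || len == 0 || len > MAX_USER_LEN) return 0;
    if (buf[0] == '.') return 0;            /* rejects "." and ".." */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)buf[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') ||
                 c == '_' || c == '-' || c == '.';
        if (!ok) return 0;                  /* covers '/', '\\', NUL, controls */
    }
    return 1;
}

/* Build "/spool/<user>/" into out; 0 on success, -1 on rejection/truncation. */
int build_spool_path(const char *user, size_t len, char *out, size_t outlen)
{
    int n;
    if (!username_is_safe(user, len)) return -1;
    n = snprintf(out, outlen, "%s/%.*s/", SPOOL_ROOT, (int)len, user);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return 0;
}

int main(void)
{
    /* constructed sample inputs */
    const char *samples[] = { "alice", "bob.smith", "..", ".", "", "a/b" };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t len = strlen(samples[i]);
        if (build_spool_path(samples[i], len, path, sizeof path) == 0)
            printf("accept \"%s\" -> %s\n", samples[i], path);
        else
            printf("reject \"%s\"\n", samples[i]);
    }
    return 0;
}
```

This checks the name only; a symlink placed inside the spool directory is a separate concern that string validation does not cover.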