Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options

Re: Re: HTTP/CGI Backup interface w/Perl

by dash2 (Hermit)
on Jun 10, 2003 at 00:21 UTC ( #264499=note: print w/replies, xml ) Need Help??

in reply to Re: HTTP/CGI Backup interface w/Perl
in thread HTTP/CGI Backup interface w/Perl

Yup. Don't do anything silly like system("tar cvf - $my_user_input_from_a_form");, unless you want to hand out tar files of your server's passwords, though.


Replies are listed 'Best First'.
Re: Re: Re: HTTP/CGI Backup interface w/Perl
by sauoq (Abbot) on Jun 10, 2003 at 00:36 UTC

    This is very good advice and I was remiss in not noting such myself. That said, you should also know that, if you did so, you might risk a whole lot worse than the loss of your password file. It would permit a user to run any arbitrary command on your system with privileges the same as those that the cgi script runs with.

    Know the risks, understand the issues, and use the -T option to help you catch dangerous code.

    "My two cents aren't worth a dime.";

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://264499]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (1)
As of 2018-04-22 05:54 GMT
Find Nodes?
    Voting Booth?