Beefy Boxes and Bandwidth Generously Provided by pair Networks vroom
XP is just a number
 
PerlMonks  

Re: Re: HTTP/CGI Backup interface w/Perl

by dash2 (Hermit)
on Jun 10, 2003 at 00:21 UTC ( #264499=note: print w/ replies, xml ) Need Help??


in reply to Re: HTTP/CGI Backup interface w/Perl
in thread HTTP/CGI Backup interface w/Perl

Yup. Don't do anything silly like system("tar cvf - $my_user_input_from_a_form");, unless you want to hand out tar files of your server's passwords, though.

andramoiennepemousapolutropon


Comment on Re: Re: HTTP/CGI Backup interface w/Perl
Download Code
Re: Re: Re: HTTP/CGI Backup interface w/Perl
by sauoq (Abbot) on Jun 10, 2003 at 00:36 UTC

    This is very good advice and I was remiss in not noting such myself. That said, you should also know that, if you did so, you might risk a whole lot worse than the loss of your password file. It would permit a user to run any arbitrary command on your system with privileges the same as those that the cgi script runs with.

    Know the risks, understand the issues, and use the -T option to help you catch dangerous code.

    -sauoq
    "My two cents aren't worth a dime.";
    

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://264499]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (14)
As of 2014-04-17 20:00 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (454 votes), past polls