Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Re: Re: HTTP/CGI Backup interface w/Perl

by dash2 (Hermit)
on Jun 10, 2003 at 00:21 UTC ( #264499=note: print w/replies, xml ) Need Help??


in reply to Re: HTTP/CGI Backup interface w/Perl
in thread HTTP/CGI Backup interface w/Perl

Yup. Don't do anything silly like system("tar cvf - $my_user_input_from_a_form");, unless you want to hand out tar files of your server's passwords, though.

andramoiennepemousapolutropon

Replies are listed 'Best First'.
Re: Re: Re: HTTP/CGI Backup interface w/Perl
by sauoq (Abbot) on Jun 10, 2003 at 00:36 UTC

    This is very good advice and I was remiss in not noting such myself. That said, you should also know that, if you did so, you might risk a whole lot worse than the loss of your password file. It would permit a user to run any arbitrary command on your system with privileges the same as those that the cgi script runs with.

    Know the risks, understand the issues, and use the -T option to help you catch dangerous code.

    -sauoq
    "My two cents aren't worth a dime.";
    

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://264499]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (3)
As of 2016-10-01 03:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Extraterrestrials haven't visited the Earth yet because:







    Results (574 votes). Check out past polls.