Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re: Re: HTTP/CGI Backup interface w/Perl

by dash2 (Hermit)
on Jun 10, 2003 at 00:21 UTC ( #264499=note: print w/ replies, xml ) Need Help??


in reply to Re: HTTP/CGI Backup interface w/Perl
in thread HTTP/CGI Backup interface w/Perl

Yup. Don't do anything silly like system("tar cvf - $my_user_input_from_a_form");, unless you want to hand out tar files of your server's passwords, though.

andramoiennepemousapolutropon


Comment on Re: Re: HTTP/CGI Backup interface w/Perl
Download Code
Re: Re: Re: HTTP/CGI Backup interface w/Perl
by sauoq (Abbot) on Jun 10, 2003 at 00:36 UTC

    This is very good advice and I was remiss in not noting such myself. That said, you should also know that, if you did so, you might risk a whole lot worse than the loss of your password file. It would permit a user to run any arbitrary command on your system with privileges the same as those that the cgi script runs with.

    Know the risks, understand the issues, and use the -T option to help you catch dangerous code.

    -sauoq
    "My two cents aren't worth a dime.";
    

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://264499]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (5)
As of 2015-07-05 14:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (67 votes), past polls