PerlMonks  

Re: Security issue and solution for terminal command accessed by public user

by Anonymous Monk
on Jul 06, 2012 at 17:00 UTC (#980327)


in reply to Security issue and solution for terminal command accessed by public user

What security issue will be the consequence of this? If any, how to solve the issues?

You can avoid them by avoiding the shell and using these:

Math::Calc::Units - Human-readable unit-aware calculator

Physics::Unit - Manipulate physics units and dimensions


Re^2: Security issue and solution for terminal command accessed by public user
by keenlearner (Acolyte) on Jul 06, 2012 at 17:17 UTC

    Hi, thanks for your suggestion.

    I have looked into some Perl modules for unit conversion; Physics::Unit is quite complete, but the "units" program is still more complete, providing around 2526 units for conversion.

    Still, "units" is the preferable choice for the application. I have seen a number of Perl modules make use of external command lines. Aha, I think I have to read their source code and see how they wrap the code. Or is there a tutorial for this?

    Thanks.
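For readers who, like keenlearner, still want units(1) behind the web form, the following added example (not code from the thread) shows the shell-free wrapping the Anonymous Monk's answer is getting at: taint mode, a whitelist on the input, and a multi-argument pipe open so no shell ever sees the user's text. It assumes GNU units installed at /usr/bin/units and its -t (terse) option; both are assumptions, not facts from the thread.

```perl
#!/usr/bin/perl -T
# Added example: calling the external "units" program without a shell.
# Assumed: GNU units at /usr/bin/units, supporting -t (terse output) and
# "--" to end option parsing. Adjust for your system.
use strict;
use warnings;

# Under taint mode (-T) perl refuses to pass unvalidated web input to an
# external program, so a forgotten check fails closed instead of open.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $UNITS = '/usr/bin/units';

# Allow only the characters a unit expression needs, cap its length, and
# reject a leading '-' so the value can never be read as a units(1) option.
sub clean_unit_expr {
    my ($raw) = @_;
    return undef unless defined $raw && length($raw) <= 64;
    return undef if $raw =~ /^\s*-/;
    # The regex capture is what untaints the value for taint mode.
    my ($clean) = $raw =~ m{^([A-Za-z0-9_ .*/^()+-]+)$} or return undef;
    return $clean;
}

sub convert {
    my ($have, $want) = @_;
    my $h = clean_unit_expr($have) // die "invalid 'have' expression\n";
    my $w = clean_unit_expr($want) // die "invalid 'want' expression\n";

    # Multi-argument pipe open: perl execs units(1) directly, so quotes,
    # semicolons or $(...) in $h or $w arrive as literal argument text.
    open(my $out, '-|', $UNITS, '-t', '--', $h, $w)
        or die "cannot run $UNITS: $!\n";
    my $result = do { local $/; <$out> };
    close $out;
    my $status = $? >> 8;

    # units exits non-zero for unknown units or non-conformable dimensions;
    # report that rather than echoing its diagnostics into the page.
    die "conversion failed (exit $status)\n" if $status;
    chomp $result;
    return $result;
}

# Constructed sample input when run directly as a script.
print convert('3 miles', 'km'), "\n" unless caller;
```

The whitelist is deliberately narrow; if a conversion you need uses a character it rejects, widen the character class rather than dropping the check.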

      AnonyMonk suggested avoiding the shell for numerous very good reasons -- some of which would likely be those I would cite: if you use the shell and the external program, you've increased complexity, likely opened some exploitable security gaps, and added overhead for your server. Unless you think the variety of conversions done by the external program outweighs all of those, heed AM's advice.

      And, in any case, be aware you're reinventing the wheel! Is there some really valid reason to create and invent/install your own wheels, gears, and interfaces when a simple search -- for "unit conversions" or even "conversions" -- will turn up many existing (and mostly free) services?

      And, please, read the instructions around the text-entry box. Use <p>...</p> around paragraphs; <c>...</c> around code and data. <pre> tags make your nodes hard to read or bork the rendering for some Monks.

        Hi

        Thanks for your warning about the security issue.

        Yeah, I am aware that there are a lot of conversion programs out there already. But my reason is that this web application is going to be multi-purpose and multi-function for daily life tasks, so adding this to the web application is just to make it more complete. Just like there are many candy stores available, and they definitely sell the same candy, but people will prefer to go to another candy store in the future if they find your candy store is not complete enough.

        Okay, I have just started to use the p tag; it's just that it requires more effort than the pre tag. Like in replying to this I need to put 4 pairs of p tags, while it requires only 1 pair of pre tags. But the text becomes hard to read with the pre tag hehe :) Sorry for being lazy. But my intention is just to be more efficient.

      or is there a tutorial for this?

      Can you find a tutorial for this?

        Of course I had Googled beforehand. But there is no good tutorial regarding the security issue and the solution so far.
