Re^7: Security issue and solution for terminal command accessed by public userby BrowserUk (Pope)
|on Jul 07, 2012 at 05:46 UTC||Need Help??|
If the information is for the OP, offer it as a reply to the OP, not me!
And just how restricting the arguments to the program, to their exact range of legal values, limiting?
If you think throwing whatever garbage or carefully calculated input a (potentially malicious) user chooses to supply, at a shell and trusting to luck that there are no flaws in the quoting done by those modules, is an effective security mechanism, you are somewhat less than a dick. You are a fool!
I thought everyone knew that the *only* secure method of doing the is to only allow that which is safe.
Trying to "sanitise" user input has been the downfall of many a system. And with fools like you around, it will long continue that way.
With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.