in reply to Re^6: Security issue and solution for terminal command accessed by public user
in thread Security issue and solution for terminal command accessed by public user
If the information is for the OP, offer it as a reply to the OP, not me!
And just how restricting the arguments to the program, to their exact range of legal values, limiting?
If you think throwing whatever garbage or carefully calculated input a (potentially malicious) user chooses to supply, at a shell and trusting to luck that there are no flaws in the quoting done by those modules, is an effective security mechanism, you are somewhat less than a dick. You are a fool!
I thought everyone knew that the *only* secure method of doing the is to only allow that which is safe.
Trying to "sanitise" user input has been the downfall of many a system. And with fools like you around, it will long continue that way.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^8: Security issue and solution for terminal command accessed by public user
by Anonymous Monk on Jul 07, 2012 at 07:06 UTC | |
by BrowserUk (Patriarch) on Jul 07, 2012 at 08:01 UTC | |
by Anonymous Monk on Jul 07, 2012 at 08:32 UTC |