
Re^2: Perl calling Linux commands

by tmharish (Friar)
on Mar 08, 2013 at 13:50 UTC


in reply to Re: Perl calling Linux commands
in thread Perl calling Linux commands

Additionally you need to look at tainted variables.

It's a really bad idea to take user input and throw it to system (or a database). What if the username input was:

" || ls && 0 &&

Of course you could replace ls with whatever exciting nefarious command you choose but that's the idea ...
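
An added example (not part of the original post) of the taint-mode approach the reply points to: the username is validated against an allow-list pattern before it reaches `system`, and `system` is called in list form so no shell parses the value. The `id` command, the helper name `untaint_username` and the username pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Added example. Execute the file directly, or run: perl -T check_user.pl NAME
use strict;
use warnings;

# Taint mode refuses to launch external commands while PATH and a few
# shell-related variables still hold values inherited from the caller.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return the username untainted if it matches a strict allow-list,
# otherwise undef. The pattern is an assumption; adapt it to local policy.
sub untaint_username {
    my ($input) = @_;
    return undef unless defined $input;
    # A capture group is the only way to untaint; anchor both ends so
    # nothing outside the allow-list can ride along.
    return $input =~ /\A([a-z_][a-z0-9_-]{0,31})\z/ ? $1 : undef;
}

my $raw  = shift @ARGV // '';      # tainted: it comes from outside the program
my $user = untaint_username($raw);

# Input such as the string quoted in the post fails the pattern and stops here.
die "Rejected username\n" unless defined $user;

# Under -T, passing $raw itself to system() in either form dies with
# "Insecure dependency in system", which is the safety net taint mode gives.
#
# List form of system(): the arguments go straight to the program, so
# characters like ||, && and quotes are never interpreted by a shell.
system('/usr/bin/id', '--', $user) == 0
    or die "id exited with status " . ($? >> 8) . "\n";
```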
