in reply to Re: Perl calling Linux commands
in thread Perl calling Linux commands
Additionally you need to look at tainted variables.
Its a really bad idea to take user input and throw it to system ( or a database ) - What if the username input was:
" || ls && 0 &&
Of course you could replace ls with whatever exciting nefarious command you choose but thats the idea ...
|
---|
In Section
Seekers of Perl Wisdom