Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

Re^2: Is this actually possible?

by Fletch (Bishop)
on Oct 21, 2005 at 16:24 UTC ( [id://502065]=note: print w/replies, xml ) Need Help??


in reply to Re: Is this actually possible?
in thread How Would I access a C++ compiler remotely through a Perl CGI Script?

Yeah, it raises the hackles here as well. So long as you didn't run the compiled code you wouldn't necessarily be exposing the compiling machine to anything in the submitted code, but that doesn't mean that the compiler itself couldn't be exploited (e.g. a buffer overrun in gcc). SSH is still the better solution.

Replies are listed 'Best First'.
Re^3: Is this actually possible?
by Spidy (Chaplain) on Oct 21, 2005 at 16:31 UTC
    Well, I'm not planning on running the code, just compiling it and storing the errors generated by the compiler. That way I can still get my code bug-free here at school, and then go home and actually run it there.
    My Website
[reply]
      If you're still at the level of monkdom where your main source of errors is just things that the compiler can catch for you, I would suggest spending that time on reading programming books instead, or thinking about the design of your programs.

      Then when you get home, you can put some of the things you've read about into practice.

      I recommend

      • Design Patterns
      • Effective C++
      • STL Tutorial and Reference Guide
      • Object-Oriented Design Heuristics
      If you only read one, make it that last one. It's great.
[reply]
Re^3: Is this actually possible?
by Cap'n Steve (Friar) on Oct 22, 2005 at 05:57 UTC
    I've heard of assuming user input is tainted as a good programming practice, but assuming executables on the web server are tainted is a little ridiculous.

    If you're afraid of a bug in gcc, then you'd have to assume that Apache and Perl itself are equally unsafe.
[reply]

      No, I'm more trusting of those two precisely because they are used often in an unsafe environment and both have been gone over by people looking for problems to that end (and are under scrutiny for such problems going forward). I know of no such efforts being made on gcc since it's not in general use processing arbitrary user input, hence I'm substantially less sure of what it might do for malicious input.

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://502065]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (3)
As of 2024-04-19 21:45 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found