Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Consider if someone enters this as the 'number': 1 foot' 'inches'; rm -rf /; echo '

You could sanitize the input by making sure the number is really a number -- only digits and decimal point, that kind of thing (though that's trickier than it sounds, if you want to allow commas/underscores in long numbers, scientific notation, etc.). You can make the user choose from a selection of unit types, and verify that they selected a valid one from a list (because it's trivial to circumvent browser restrictions on that kind of thing). It would also help to open a pipe to/from units (with no command-line arguments) and pass the values to it in interactive mode, where bad inputs shouldn't be as dangerous as they can be on the command line.

Or you can use one of the conversion modules suggested above. Of course, then you're counting on those modules to handle dangerous inputs properly, so you should probably still sanitize your data as much as possible.

Aaron B.
Available for small or large Perl jobs; see my home node.


In reply to Re: Security issue and solution for terminal command accessed by public user by aaron_baugher
in thread Security issue and solution for terminal command accessed by public user by keenlearner

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others romping around the Monastery: (8)
As of 2024-03-28 18:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found