
(arturo) Re: CGI Script Calling Grep

by arturo (Vicar)
on Sep 26, 2001 at 00:12 UTC ( [id://114658]=note )


in reply to Re: CGI Script Calling Grep
in thread CGI Script Calling Grep

Well, yes, in one way (this should solve the technical problem), and in another, emphatic no. Never pass user input directly to a subshell -- all sorts of nasties could result. Suppose $string is "foo *; cat /etc/passwd; rm -rf " for example. DoS, cracker info, and evil file removal (potential) all in one go.

So you could use this sort of thing, but *not* without taint checking, and, if you're going to untaint, be sure you know what you're doing. For more, see perldoc perlsec on your system, or perlsec hereabouts.

perl -e 'print "How sweet does a rose smell? "; chomp ($n = <STDIN>); $rose = "smells sweet to degree $n"; *other_name = *rose; print "$other_name\n"'
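
An added example, not part of arturo's post or the original thread: a CGI script that runs grep under taint mode, untaints the search string against an allow-list, and uses the list form of open so no shell ever parses the input. The parameter name 'string', the data file path and the allowed character set are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread.
# Assumed: CGI parameter 'string', data file /var/data/records.txt.
use strict;
use warnings;
use CGI;

# Taint mode refuses to run external programs with an inherited environment,
# so set a known PATH and drop variables that influence a shell.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $q      = CGI->new;
my $string = $q->param('string');    # tainted: it came from the client

# Untaint by matching an allow-list and keeping only the capture.
# A catch-all like /(.*)/ would untaint the value without checking anything.
my ($pattern) = defined($string)
    ? $string =~ /\A([\w .-]{1,64})\z/
    : ();

print $q->header('text/plain');
unless (defined $pattern) {
    print "Invalid search string\n";
    exit;
}

my $file = '/var/data/records.txt';  # hypothetical fixed path, never user input

# List-form pipe open: grep is exec'd directly with these arguments, so
# characters such as ; * | have no special meaning. -F makes the pattern a
# fixed string and "--" stops a leading "-" being read as an option.
open(my $grep, '-|', 'grep', '-F', '--', $pattern, $file)
    or die "cannot run grep: $!";
print while <$grep>;
close $grep;
```

With this validation, the string from the post ("foo *; cat /etc/passwd; rm -rf ") fails the allow-list and never reaches grep; even if the allow-list were looser, the list-form open would pass it to grep as a single literal argument.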
