Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

Re: Calling system function in cgi

by swkronenfeld (Hermit)
on Dec 28, 2005 at 16:52 UTC ( #519596=note: print w/replies, xml ) Need Help??


in reply to Calling system function in cgi

A CGI script is not much different from a 'normal' Perl script, except that it's usually called from a web interface from a command line (and it has much more rigid output requirements, and a few other minor details). So it can do whatever you can do in a 'normal' script that you may write to be used on the command line.

That said, do you want someone to be able to spawn test.exe on your web server from a web page? If test.exe takes any significant amount of resources, consider the abuse where someone bounces on the refresh button and spawns a bunch of test.exe's, happily eating away your system's performance. As long as you've thought of this and taken a measure to prevent this kind of abuse, or others that stem from executing a system program from the command line, you should be fine.

Oh, and it was mentioned above, but just to make sure you see it: untaint any data you may pass to any system call.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://519596]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (1)
As of 2022-08-08 03:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?