I have a CGI script calling an external client to gather data from a remote SQL server.
First of all, in general, this is a very dangerous thing to do, and especially so if you haven't properly sanitized all of those variables that you're passing to the external command. It's very easy to get the cleanup wrong. See also perlsec.
I'm also a bit confused by the code style... if your open fails, it looks like the code will continue on and try to run the while loop, which seems kind of pointless, and should also generate warnings. I do hope you're using strict and warnings?
Anyway, IPC::Run supports calling external commands with timeouts, so you might want to look at that. I'd also recommend splitting up the command into a list instead of a string (i.e. ($UNID_CLIC,$Host,$Port,...) instead of "$UNID_CLIC $Host $Port ...") because in that case, open* as well as IPC::Run won't pass it to the shell, and you have one less thing to worry about - I wrote about that some more (including some of the possible security risks) here.
* Update: Except on Perl versions before 5.22 on Win32 (perldelta).
In reply to Re: How to handle an external process from CGI?
by haukex
in thread How to handle an external process from CGI?
by emilbarton
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |