Re^2: backtick in perl 5.8 cgi under iis 6

Replies are listed 'Best First'.
Re^3: backtick in perl 5.8 cgi under iis 6 by neilwatson (Priest) on Feb 17, 2006 at 14:15 UTC
I think you are missing the point. You should never need backticks. They are a security risk. Why don't you tell us exactly what you are trying to do? Neil Watson watson-wilson.ca	[reply]
Re^4: backtick in perl 5.8 cgi under iis 6 by ikegami (Patriarch) on Feb 17, 2006 at 16:42 UTC
That's assuming user input is used to build the command string. If the command is hardcoded, or if interpolated data is well validated (matches `/^\w+\z/`, for example), there's no problem.	[reply] [d/l]
Re^4: backtick in perl 5.8 cgi under iis 6 by cseelig (Initiate) on Feb 17, 2006 at 16:23 UTC
The cgi code wants to "run" an external process and capture its output for processing. BTW - it's an intranet application; security is not a concern. How can I achieve this without backticks? Thanks.	[reply]
Re^5: backtick in perl 5.8 cgi under iis 6 by marto (Cardinal) on Feb 17, 2006 at 16:55 UTC
cseelig, "BTW - it's an intranet application; security is not a concern." Yikes! IMHO security should always be a concern. Check out CGI Programming FAQ under Security for some interesting reading. Update: Also merlyn has a great article on the subject of security which I would advise reading. Martin	[reply]
Re^6: backtick in perl 5.8 cgi under iis 6 by cseelig (Initiate) on Feb 17, 2006 at 19:43 UTC
Re^5: backtick in perl 5.8 cgi under iis 6 by runrig (Abbot) on Feb 17, 2006 at 16:45 UTC
Have you tried supplying the full path to the exe? my $output = `c:/path/to/program.exe`; [download]	[reply] [d/l]