April 19, 2005, 1:35 pm
I have a php page that needs to make a system() call to a perl app. I
need to send user-entered search terms as parameters to the perl app,
and then capture the output from perl, do some light processing on it,
and then embed that into the php page.
I know how to do it, but this is not a controlled environment like a
LAN or a personal PC, so I am very paranoid about the risks of making
the system() call with user-supplied input. I know I will need to
shellescapearg() the user-input. Are there any other checks you would
recommend? Perhaps checks against the length of the user-input?
ctype_alnum()? Anything else I'm not thinking of?
Re: How to keep system() safe
You have to think about how the perl script uses the info users send. You
should also use a preg_match so that the input text contains only
valid characters and numbers, [a...z], [A...Z], [0...9]! Also, I
presumed you are concerned that a user could send multiple commands
on that line to bash; I think by doing the preg_match you will
eliminate this option!
http://www.DevPlug.com --Connecting Developers
Posted from: http://www.devplug.com/ftopic23288.htm
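
The checks discussed in this thread, combined as an added example (not code from either poster): a length limit, an alphanumeric allow-list, then PHP's escapeshellarg() on each term, with the captured output HTML-escaped before it is embedded in the page. The script path, the limits and all function names here are assumptions.

```php
<?php
// Added example, not code from the thread. SEARCH_SCRIPT and both limits are assumptions.
const SEARCH_SCRIPT = '/usr/local/bin/search.pl'; // hypothetical path to the perl app
const MAX_TERMS = 5;       // assumed limit on the number of terms
const MAX_RAW_LEN = 200;   // assumed limit on the raw input length

/** Return the validated list of terms, or null if any part fails the allow-list. */
function validate_terms(string $raw): ?array
{
    if (strlen($raw) > MAX_RAW_LEN) {
        return null;                      // length check before any other work
    }
    $terms = preg_split('/\s+/', $raw, -1, PREG_SPLIT_NO_EMPTY);
    if ($terms === false || $terms === [] || count($terms) > MAX_TERMS) {
        return null;
    }
    foreach ($terms as $term) {
        // \A and \z anchor the whole string; "$" would also match before a trailing newline.
        if (preg_match('/\A[A-Za-z0-9]{1,32}\z/', $term) !== 1) {
            return null;
        }
    }
    return $terms;
}

/** Fixed program name; each term becomes its own quoted argument. */
function build_command(array $terms): string
{
    $args = array_map('escapeshellarg', $terms);
    return 'perl ' . escapeshellarg(SEARCH_SCRIPT) . ' ' . implode(' ', $args);
}

/** Run the search; return HTML-escaped output lines, or null on rejection or failure. */
function run_search(string $raw): ?array
{
    $terms = validate_terms($raw);
    if ($terms === null) {
        return null;
    }
    exec(build_command($terms), $lines, $status); // exec() captures output instead of echoing it
    if ($status !== 0) {
        return null;
    }
    return array_map(fn($l) => htmlspecialchars($l, ENT_QUOTES, 'UTF-8'), $lines);
}

// Constructed sample inputs: the second is rejected before any command is built.
foreach (['php security', 'foo; cat /etc/passwd'] as $sample) {
    $terms = validate_terms($sample);
    echo $terms === null ? "rejected: $sample\n" : build_command($terms) . "\n";
}
```

Rejecting input that fails the allow-list, rather than stripping the offending characters, keeps what reaches the perl app identical to what was validated.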