
Re: opinion on shell cgi scripts



Dimitri Georganas (dg_(_at_)_mitc_(_dot_)_net) wrote:

> What's the general opinion on using shell scripts as cgi scripts from
> a security viewpoint? What are the risks involved? Is it a no-go, or
> is safety ok when certain criteria are met?

It's fine as long as you treat any browser-supplied parameters as
toxic waste.  Double-quote all your variable references, sanitize
your inputs (e.g. by stripping out all non-alphanumeric characters),
and so on.

-- 
Greg Wooledge                  |   "Truth belongs to everybody."
greg_(_at_)_wooledge_(_dot_)_org              |    - The Red Hot Chili Peppers
http://wooledge.org/~greg/     |
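
A minimal sketch of the advice above, as an added example that is not part of the original post: a POSIX sh CGI that pulls one parameter out of QUERY_STRING without eval, strips everything except ASCII letters and digits, and double-quotes every expansion. The parameter name `user`, the helper names `get_param` and `sanitize`, and the sample query string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one browser-supplied parameter handled in a shell CGI.
# QUERY_STRING is set by the web server; the default below is a
# constructed sample so the script also runs from a terminal.
: "${QUERY_STRING:=page=1&user=bob;id&x=y}"

# Print the raw value of parameter $1 from QUERY_STRING.
# Uses only parameter expansion: no eval, no unquoted expansion, so the
# value is never re-parsed by the shell. Returns 1 if the name is absent.
get_param() {
    wanted=$1
    rest=$QUERY_STRING
    while [ -n "$rest" ]; do
        pair=${rest%%"&"*}              # text up to the first '&'
        case $rest in
            *"&"*) rest=${rest#*"&"} ;; # drop that pair and the '&'
            *)     rest= ;;             # last pair consumed
        esac
        if [ "${pair%%=*}" = "$wanted" ]; then
            case $pair in *=*) printf '%s' "${pair#*=}" ;; esac
            return 0
        fi
    done
    return 1
}

# Allow-list filter: keep ASCII letters and digits, drop everything else
# (quotes, ';', '$', '/', whitespace, glob characters, '%' of URL escapes).
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9'
}

# Script body: the raw value is only ever passed as a quoted argument,
# and only the filtered copy is used afterwards.
user=$(sanitize "$(get_param user || true)")

printf 'Content-Type: text/plain\r\n\r\n'
printf 'Hello, %s\n' "$user"
```

The filter runs on the still URL-encoded value, so the hex digits of a percent-escape survive as plain characters; that is harmless for an alphanumeric-only field.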