[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: opinion on shell cgi scripts

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: opinion on shell cgi scripts
From: Greg Wooledge <greg_(_at_)_wooledge_(_dot_)_org>
Date: Sat, 30 Oct 2004 08:21:43 -0400
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

Dimitri Georganas (dg_(_at_)_mitc_(_dot_)_net) wrote:

> What's the general opinion on using shell scripts as cgi scripts from
> a security viewpoint? What are the risks invoved? Is it a no-go, or
> is safety ok when certain criteria are met?

It's fine as long as you treat any browser-supplied parameters as
toxic waste.  Double-quote all your variable references, sanitize
your inputs (e.g. by stripping out all non-alphanumeric characters),
and so on.

-- 
Greg Wooledge                  |   "Truth belongs to everybody."
greg_(_at_)_wooledge_(_dot_)_org              |    - The Red Hot Chili Peppers
http://wooledge.org/~greg/     |

References:
- opinion on shell cgi scripts
  - From: Dimitri Georganas

Prev by Date: Re: Bits N Bytes
Next by Date: Re: OpenBSD 3.5 RELEASED!! :) Yaaaaaaak!! :)
Previous by thread: Re: opinion on shell cgi scripts
Next by thread: Fan Speed Too High
Index(es):
- Date
- Thread

Visit your host, monkey.org