
Re: [tlug] Security question with grep/egrep
- Date: Mon, 22 Mar 2004 12:08:02 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: Re: [tlug] Security question with grep/egrep
- References: <200403220218.i2M2I4BO026729@example.com>
- Organization: The XEmacs Project
- User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Portable Code, linux)

>>>>> "Jim" == Jim Breen <Jim.Breen@example.com> writes:

Jim> [...] the CGI program would do a system() call [...]

Since you care about the host, don't do system() calls. There are too
many ways to break the call itself, and you then become hostage to any
security holes that may exist in the called programs as well.

What's wrong with using the native regexp facility of whatever you're
using to write the CGI? Even if it's in C or C++, the POSIX regcomp/
regexec facility is not rocket science to use. That's what you'd be
using with grep, anyway, AFAIK.

--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.
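
Added example, not part of the original message: a minimal C sketch of the in-process matching suggested above, where an untrusted pattern goes to POSIX regcomp()/regexec() and never to a shell. The helper name `count_matches`, the 256-byte pattern cap and the sample lines are assumptions constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for the file the CGI would search. */
static const char *const SAMPLE_LINES[] = {
    "kanji: character used in Japanese writing",
    "kana: syllabic Japanese script",
    "note; echo injected",
    "grep (1): print lines matching a pattern",
};
#define SAMPLE_COUNT (sizeof SAMPLE_LINES / sizeof SAMPLE_LINES[0])

/* Hypothetical helper: count lines matching an untrusted egrep-style pattern.
 * Returns the number of matching lines, or -1 if the pattern is rejected.
 * The pattern only ever reaches regcomp(); no shell parses it. */
int count_matches(const char *pattern, const char *const *lines, size_t n)
{
    regex_t re;
    char errbuf[128];
    int rc, hits = 0;

    if (pattern == NULL || strlen(pattern) > 256)  /* length cap is an assumption */
        return -1;

    rc = regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB);
    if (rc != 0) {                       /* malformed pattern: report, do not run */
        regerror(rc, &re, errbuf, sizeof errbuf);
        fprintf(stderr, "bad pattern: %s\n", errbuf);
        return -1;
    }
    for (size_t i = 0; i < n; i++)
        if (regexec(&re, lines[i], 0, NULL, 0) == 0)
            hits++;
    regfree(&re);
    return hits;
}

int main(void)
{
    /* Shell metacharacters in the pattern are plain regex text here. */
    printf("%d\n", count_matches("^kan(ji|a):", SAMPLE_LINES, SAMPLE_COUNT));
    printf("%d\n", count_matches("; echo injected", SAMPLE_LINES, SAMPLE_COUNT));
    printf("%d\n", count_matches("(unclosed", SAMPLE_LINES, SAMPLE_COUNT));
    return 0;
}
```

An untrusted pattern can still be expensive to compile or match, so the length cap is best paired with a CPU limit on the CGI process.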