Re: [tlug] Re: tlug] Security question with grep/e...

[Brett Robson <b-robson@example.com>]

On Tue, 23 Mar 2004 16:03:45 +1100 (EST)
Jim Breen <Jim.Breen@example.com> wrote:
>
> system() in C 

My mistake, I immediately thought of Perl's system() it's been a long
time since I wrote C  :(


> 
> >> I'd prefer to use Perl's built in stuff
> >> do to that. If you aren't programming in Perl perhaps a Perl wrapper
> >> would be best.
> 
> Steve's suggestion of regcom/regexec achieves the same, and avoids
> using a <shudder>Perl wrapper</shudder>.

Don't fight it Jim, you know you want to ... . But calling Perl from C
is not really worth it, you'd have to use system() anyway.

I never used reg exps in C, how hard is it to write them in C? I'm
thinking in term of escaping characters etc.


> 
> >> The most obvious thing of course is to make sure the web server's
> >> privileges  are restricted.
> 
> Of course. But I don't see how this is affecting privileges. It all runs
> in my space and with my guid, etc.

Sounds like you are running on a reasonably well adminisited server. One
small sugestion I'd make is to make your files read only (to all). If
you are not making a lot of updates it doesn't complicate things much


Brett