Re: swish.cgi

From: David L Norris <dave(at)not-real.webaugur.com>
Date: Tue Dec 04 2001 - 00:51:25 GMT

On Mon, 2001-12-03 at 18:36, Bill Moseley wrote:
> That's why I fork/exec in the CGI scripts.  That avoids the shell completely.

Good idea.  ;-)

> The advantage of using that method is that perl under windows can't use
> that method ;)

fork/exec doesn't work on Windows?  I thought that was fixed (maybe only
NT).

> asking the wrong question.  It's common to only allow in known good
> characters, but I've seen enough hacks that I'm not 100% sure that method
> can't be broken.

True.  And the sad part is that Windows security flaws tend to be
guarded secrets.

Which reminds me.  I've been meaning to look at security issues with my
SWS script.  I did a lot of filtering there in addition to the PHP shell
escape functions.  But, I've never done serious testing on Windows.  I
have no clue how effective those functions are on Windows.

> >Examples of what in PHP?  Let me know and I'll have a look.
> A web interface for swish -- there should be more options than perl.

My SWS script handles simple searches.  Nothing spectacular but it's
usable.  It doesn't take advantage of anything new in 2.x.  I really
want to do that at some point.

SWS:
  http://www.webaugur.com/wares/sws.html

Example:
  http://www.webaugur.com/search/

-- 
 David Norris
  Dave's Web - http://www.webaugur.com/dave/
  Augury Net - http://augur.homeip.net/
  ICQ Universal Internet Number - 412039
  E-Mail - dave@webaugur.com

  "I once went to the store to buy a computer but
   the salesman tried to sell me windows instead..."
Received on Tue Dec 4 00:51:55 2001
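
The fork/exec approach quoted in this message, combined with the known-good-characters check it mentions, as an added example that is not code from swish.cgi, SWS, or either poster. It assumes a Unix-like system; the child is a stand-in perl process that prints its arguments, the `-w` argument stands for a search-words option, and the allowed character set and length limit are illustrative assumptions.

```perl
#!/usr/bin/perl
# Added example: run a helper program from a CGI script without a shell.
use strict;
use warnings;

# Run @cmd via fork/exec and return its stdout. Each element of @cmd
# reaches the child as one argv entry; no shell ever parses it.
sub run_no_shell {
    my @cmd = @_;
    pipe(my $reader, my $writer) or die "pipe: $!";
    my $pid = fork();
    die "fork: $!" unless defined $pid;
    if ($pid == 0) {                            # child process
        close $reader;
        open(STDOUT, '>&', $writer) or die "dup: $!";
        # Indirect-object form: exec never falls back to /bin/sh,
        # even when @cmd holds a single element.
        exec { $cmd[0] } @cmd or do { warn "exec: $!"; exit 127 };
    }
    close $writer;                              # parent process
    my $out = do { local $/; <$reader> };       # slurp child's stdout
    close $reader;
    waitpid($pid, 0);
    die "child exited with status " . ($? >> 8) . "\n" if $?;
    return $out;
}

# Second layer: accept only known-good characters.
# This character set and the length limit are assumptions.
sub query_ok {
    my ($q) = @_;
    return $q =~ /\A[A-Za-z0-9 "*_-]{1,200}\z/ ? 1 : 0;
}

# Constructed sample input, as a CGI query parameter might arrive.
my $query = q{foo; echo INJECTED $(id) `id` | cat};

# Stand-in child: this perl, printing each argument in brackets.
# A real script would name the search binary here instead.
my @child = ($^X, '-e', 'print "[$_]\n" for @ARGV', '--');

print "allow-list accepts sample: ", query_ok($query), "\n";
print "allow-list accepts 'foo bar': ", query_ok('foo bar'), "\n";

# Even the rejected sample is inert when passed as a list element:
# the child prints it back as one literal argument.
print run_no_shell(@child, '-w', $query);
```

The sample string comes back as a single bracketed argument with its `;`, `$( )`, backticks and `|` intact, which shows that the argument was never interpreted as a command line.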