On Mon, 2001-12-03 at 18:36, Bill Moseley wrote:

> That's why I fork/exec in the CGI scripts. That avoids the shell completely.

Good idea. ;-)

> The advantage of using that method is that perl under windows can't use
> that method ;)

fork/exec doesn't work on Windows? I thought that was fixed (maybe only
NT).

> asking the wrong question. It's common to only allow in known good
> characters, but I've seen enough hacks that I'm not 100% sure that method
> can't be broken.

True. And the sad part is that Windows security flaws tend to be
guarded secrets.

Which reminds me. I've been meaning to look at security issues with my
SWS script. I did a lot of filtering there in addition to the PHP shell
escape functions. But, I've never done serious testing on Windows. I
have no clue how effective those functions are on Windows.

> >Examples of what in PHP? Let me know and I'll have a look.
> A web interface for swish -- there should be more options than perl.

My SWS script handles simple searches. Nothing spectacular but it's
usable. It doesn't take advantage of anything new in 2.x. I really
want to do that at some point.

SWS:
http://www.webaugur.com/wares/sws.html

Example:
http://www.webaugur.com/search/

--
David Norris
Dave's Web - http://www.webaugur.com/dave/
Augury Net - http://augur.homeip.net/
ICQ Universal Internet Number - 412039
E-Mail - dave@webaugur.com
"I once went to the store to buy a computer but
the salesman tried to sell me windows instead..."
Received on Tue Dec 4 00:51:55 2001
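
The fork/exec approach and the known-good-character check discussed in this message, as an added example that is not part of the original mail and is not code from SWS or from the swish CGI scripts. The names run_without_shell and query_ok are hypothetical, and /bin/echo is a stand-in for the search binary so the script runs anywhere with a POSIX userland.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: stand-in for the search program. A real CGI would point this
# at the installed binary and pass that program's own options.
my $SEARCH_BIN = '/bin/echo';

# Run a program with an explicit argument list and capture its output.
# open(..., '-|') forks; the child then calls exec in list form, so no
# shell ever parses the arguments and metacharacters stay literal.
sub run_without_shell {
    my ($prog, @args) = @_;
    my $pid = open(my $out, '-|');
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # Child: the indirect-object form forces list semantics even with
        # zero arguments, so exec never falls back to "/bin/sh -c".
        exec { $prog } $prog, @args;
        die "exec failed: $!";
    }
    my @lines = <$out>;
    close $out;                      # reaps the child; status is in $?
    return ($? >> 8, @lines);
}

# Known-good-character check, kept as a second layer. Avoiding the shell
# does not stop the called program from treating an argument that starts
# with "-" as an option, so the first character must be alphanumeric.
sub query_ok {
    my ($q) = @_;
    return $q =~ /\A[A-Za-z0-9][A-Za-z0-9 ]{0,99}\z/ ? 1 : 0;
}

# Constructed sample queries: one ordinary, one with shell metacharacters.
for my $q ('swish search', 'foo; echo INJECTED') {
    my ($status, @out) = run_without_shell($SEARCH_BIN, $q);
    chomp @out;
    print "query=[$q] exit=$status output=[@out]\n";
    print "  allowlist: ", (query_ok($q) ? 'accept' : 'reject'), "\n";
}
```

With the stand-in binary, the second query comes back as one literal line containing the semicolon, which shows it reached the program as a single argument rather than being split by a shell.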