Skip to main content.
home | support | download

Back to List Archive

Re: Security issues

From: Peter Karman <karman(at)not-real.cray.com>
Date: Mon Jan 24 2005 - 17:17:00 GMT
The CGI runs swish-e as a system() (or open(), I can't remember) call. That's an 
insecure way of doing anything via CGI.

Look at the search.cgi script for a better way, using the SWISH::API.

Bill Moseley wrote on 1/24/05 11:10 AM:

> On Mon, Jan 24, 2005 at 02:47:15AM -0800, Philippe de Rochambeau wrote:
> 
>>Hello,
>>
>>what are the main Swish-e cgi security issues?
> 
> 
> Insecure usage.
> 
> 

-- 
Peter Karman  .  http://www.cray.com/craydoc/ .  karman(at)not-real.cray.com
Received on Mon Jan 24 09:17:01 2005