|
Richard Lewis
richardlewis at fastmail.co.uk
Tue Jul 25 06:21:40 EDT 2006
Hi there,
Just investigating some possible implementation methods.
Does it pose a security risk in mod_python to do this sort of thing:
def handler(req):
# code is from memory so may not be correct
# but its the idea thats important ;-)
i, o = os.popen2("cmd")
i.write("some data")
i.close()
req.write(o.read())
o.close()
I don't really understand it properly, but I've read before now that using
pipes to execute shell commands from CGI scripts can be insecure. Does the
same apply with Apache modules like mod_python?
Cheers,
Richard
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Richard Lewis
Sonic Arts Research Archive
http://www.sara.uea.ac.uk/
JID: ironchicken at jabber.earth.li
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
|