Hi John, Thanks for the warning. I should be OK, my html form is within a firewall and the form only passes parameters to the shell script, the actual command that is executed is hard coded into the cgi script, so if you input the wrong parameter, e.g. rm -rf *, then it won't know what you are talking about and consequently do nothing. Cheers
Alex. John Brooking wrote: > This is an aside, but does the statement you are > executing come as a parameter from the HTML form? If > so, I presume you are aware that this is a very > dangerous practice, unless you have secured the form > page somehow (behind your firewall, etc.), and even > then I wouldn't be comfortable with it. What if > someone entered "rm -rf /" or "; mail > [EMAIL PROTECTED] </etc/passwd"? (These examples > come from the Security chapter of O'Reilly's excellent > book "CGI Programming with Perl".) > > - John > > --- Alex Read <[EMAIL PROTECTED]> wrote: > > Hi all, > > > > I have an html page that when I press the submit > > button the cgi script > > runs a shell script. I am having trouble because the > > html page hangs > > until the shell script has finished, i.e. the shell > > script process is > > not running in the background. I have tried the > > following; > > > > system "$my_shell_script &"; > > `$my_shell_script &`; > > exec "$my_shell_script "; > > exec "$my_shell_script &"; > > > > none of which work! The basis of my script is > > Formmail from Matt's > > script archive > > (http://www.worldwidemart.com/scripts/) if anyone > > knows > > it. > > Any suggestions? > > Thanks > > > > Alex. > > __________________________________________________ > Do You Yahoo!? > Yahoo! Tax Center - online filing with TurboTax > http://taxes.yahoo.com/ > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
