On Monday, April 22, 2002, at 12:27 , Alex Read wrote:

> Food for thought indeed!  Fortunately the number of options the user has
> is small and so I can write my script like so;
>
> system "Myscript option1" if ("$Form_input" eq "Nice_things1");
> system "Myscript option2" if ("$Form_input" eq "Nice_things2");
> etc ...

that might be more work - than a

        sub Harvey_Keitel_the_cleaner {
                my (@params) = @_;

                # do the cleaning and checking
                # if there is a detection of unpleasantry
                # then do the cgi_fatal and bail

                return @params;

        }

        # join (not split) turns the cleaned list into one argument string
        my $params = join ' ', Harvey_Keitel_the_cleaner(getparams());
        my $cmd = "ourCoolScript";
        system("$cmd $params");

At which point it might be worth it to bring in the 'script'
into the CGI and manage it all from inside....
        
> Also this form is being used more as a "make my life easier and stop me
> having to type lots of silly long things into the command line" for
> internal use only, as opposed to a real WWW application.

Oh sure - that's what they all say.....

"strictly for internal consumption...." and then you have to
go the next round and beef it up for delivery with 'the product....'
along with installers, documentation, laps through QA.....

8-)

>  Plus, the
> server is running as "somebody", as opposed to Root ..., so it has the
> same permissions as the user which means that if the user did decide to
> try and use my form for evil, then they shouldn't be able to do anything
> more evil than if they simply sat at their machine and typed;
> % GRrrrrrr evilnesss
> thanks for all the advice,


This is a setuid to the user CGI????



ciao
drieux
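
[Added example, not part of the original message or of either poster's code: one way to fill in the cleaner discussed above, using the form values and options quoted in the thread as an allowlist and the list form of system() so no shell parses the arguments. The names clean_params and run_cleaned, the sample inputs, and the perl one-liner standing in for "Myscript" are assumptions.]

```perl
#!/usr/bin/perl
use strict;
use warnings;

$| = 1;    # keep our output ordered with the child's output

# Allowlist: form value => the single option the script may receive.
my %OPTION_FOR = (
    Nice_things1 => 'option1',
    Nice_things2 => 'option2',
);

# Stand-in for the real script (assumption): perl echoing its arguments,
# so the example runs without "Myscript" being installed.
my @CMD = ($^X, '-e', 'print "args: @ARGV\n"');

# Returns the cleaned parameter list, or dies on anything unexpected.
sub clean_params {
    my (@raw) = @_;
    my @clean;
    for my $p (@raw) {
        die "missing parameter\n" unless defined $p;
        # Look the value up; the raw string is never passed through.
        exists $OPTION_FOR{$p} or die "rejected parameter\n";
        push @clean, $OPTION_FOR{$p};
    }
    return @clean;
}

# Runs the command with the list form of system(): the arguments go
# straight to exec, so shell metacharacters have no meaning.
sub run_cleaned {
    my (@raw) = @_;
    my @args = clean_params(@raw);
    system(@CMD, @args) == 0 or die "command failed: $?\n";
    return 1;
}

# Constructed sample inputs: one valid, one carrying a shell metacharacter.
for my $input ('Nice_things1', 'Nice_things1; id') {
    if (eval { run_cleaned($input) }) {
        print "accepted: $input\n";
    } else {
        chomp(my $err = $@);
        print "refused: $input ($err)\n";
    }
}
```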
