On Fri, Aug 22, 2008 at 4:18 PM, Andy Thomson <[EMAIL PROTECTED]> wrote: > Niklas: Windows can use commands like cacls, ie, normal command line tools, > no need for win32 api coding stuff.
Ah, I had no idea. Only seems to be available on Win2000 and forward and seems to have been replaced. But yet, seems useful. > My biggest concern is security, make sure code "pukes" correctly if someone > abuses the command. Like putting in very long path names, or ones with odd > characters. I did test it with Chinese filenames on Linux, no issues, and I > always check the arguments. No shirt, no shoes, no service. Of course there > is the other side, about people trying to change files that don't belong to > them [user or group], this is more about checking what the user can do per > some role or account permission. Yes, this is part of my concern as well. I'm pretty sure I will -1 contributions that rely on running processes from FtpServer. But trying to convince me otherwise is of course possible :-) And, providing the code as an addon (as we should allow for custom site commands) is an option. /niklas
