Tariel Gogoberidze wrote:
You can do it if you keep the stack somewhere else outside of the CGI
folder, but I hear that can be a security risk (though I'm not sure how
exactly, but someone wrote me once with very strong opinions about it.)
Probably because it opens the door to what's usually called "executing
arbitrary code on remote computer" :)
Right, that's what they said, but I don't see how it could be done. The
CGI would only write specific data to a specific stack, and there isn't
any way to make it behave differently by sending commands to it. As long
as your CGI only operates on valid input, how could someone execute code?
The only way a CGI could be misused that way is if it contained a line
of script like:
do the params
which would be a really stupid thing to include. I can't think how a MC
CGI could be abused without something like that in it.
--
Jacqueline Landman Gay | [EMAIL PROTECTED]
HyperActive Software | http://www.hyperactivesw.com
_______________________________________________
metacard mailing list
[email protected]
http://lists.runrev.com/mailman/listinfo/metacard
