Hello,
I am trying to make an online Bible script using diatheke. I have a problem: security.
Users can put anything in the search box on the web page, e.g.:
Jesus;ls /etc
If I run a command such as:
diatheke -b KJV -s phrase -k Jesus; ls /etc
I will get a listing of the /etc directory.
I could check user input for
On 07/02/07, Linas S. [EMAIL PROTECTED] wrote:
Hello,
I am trying to make an online Bible script using diatheke. I have a problem: security.
Users can put anything in the search box on the web page, e.g.:
Jesus;ls /etc
If I run a command such as:
diatheke -b KJV -s phrase -k Jesus; ls /etc
I will get
On Wed, 07 Feb 2007 10:51:53 +0200, Daniel Glassey [EMAIL PROTECTED] wrote:
You should quote the search key like the Perl CGI script does (iirc)
e.g. diatheke -b KJV -s phrase -k 'Jesus; ls /etc'
Yes, I did that. But I was not sure if it completely solves the problem.
Regards,
Linas S.
On Wed, 7 Feb 2007, Linas S. wrote:
You should quote the search key like the Perl CGI script does (iirc)
e.g. diatheke -b KJV -s phrase -k 'Jesus; ls /etc'
Yes, I did that. But I was not sure if it completely solves the problem.
If the user then writes ';ls /etc' it will become ...-k '';ls
I don't really recommend using diatheke as anything but a demo/sample
app. It's out of date, ill-maintained, and was never that good to begin
with. If you're setting up a Bible site, I would suggest trying to use
the BibleTool.
That said, your best means of really securing web-executed
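
Added example, not part of the thread and not code from diatheke or the SWORD project: it checks how a POSIX shell would split each way of building the command line discussed above, then passes the key as an argument list with no shell involved. Assumptions: Python's shlex approximates shell word splitting, and a small Python stand-in process takes the place of diatheke so the block runs without it installed; the helper names are hypothetical.

```python
import json
import shlex
import subprocess
import sys

# diatheke options exactly as used in the thread; the search key is appended.
BASE = ["diatheke", "-b", "KJV", "-s", "phrase", "-k"]

def naive(key):
    """Plain concatenation, as in the first message."""
    return " ".join(BASE) + " " + key

def single_quoted(key):
    """Wrap the key in '...' without escaping quotes inside the key."""
    return " ".join(BASE) + " '" + key + "'"

def escaped(key):
    """shlex.quote() also escapes single quotes embedded in the key."""
    return " ".join(BASE) + " " + shlex.quote(key)

def shell_words(cmdline):
    """Approximate POSIX shell splitting; ; | & < > ( ) become separate tokens."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    lex.commenters = ""
    return list(lex)

def key_is_one_argument(cmdline, key):
    """True only if the key reaches diatheke as one argument and nothing follows."""
    return shell_words(cmdline) == BASE + [key]

def argv_seen_without_shell(key):
    """Pass an argument list (no shell) to a stand-in for diatheke; return its argv."""
    stand_in = [sys.executable, "-c",
                "import json, sys; print(json.dumps(sys.argv[1:]))"]
    out = subprocess.run(stand_in + BASE[1:] + [key],
                         capture_output=True, text=True, check=True)
    return json.loads(out.stdout)

if __name__ == "__main__":
    for key in ("Jesus", "Jesus; ls /etc", "';ls /etc'"):  # keys quoted in the thread
        for build in (naive, single_quoted, escaped):
            ok = key_is_one_argument(build(key), key)
            print(f"{build.__name__:14} {key!r:18} one argument: {ok}")
        print(f"{'no shell':14} {key!r:18} argv: {argv_seen_without_shell(key)}")
```

With an argument list and no shell, the key is never parsed as shell syntax, so no quoting step is needed at all.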