Posted by Niels on 02/11/05 20:15

Hi,

Jason Wong wrote:

> To put it simply you would have to check *extremely* carefully the user
> input to ensure that it is not malicious, and that it is what it should
> be. I believe your original problem was about writing procmail files.
No, not exactly.

Thank you just the same, you bring up another good point. In the extreme
case, when I want to be really sure of the file, I have to parse it, just
as I parse all other data from the user. Yikes, that's a lot of work! I'm
counting on not doing that, but making sure I escape_cmd or whatever it's
called -- isn't that almost as good?


- Niels

• Next in thread: Re: [PHP] Secure system calls -- how
• Prev in thread: Re: [PHP] Secure system calls -- how
• Next in forum: Re: [PHP] Secure system calls -- how
• Prev in forum: Re: [PHP] Re: imagettftext color problem
• Thread view: Secure system calls -- how

[Reply to this message]