[Pmwiki-users] Re: Request for Article: "How to write safe scripts"

Jonathan Scott Duff duff
Mon Jun 21 08:00:32 CDT 2004


On Sun, Jun 20, 2004 at 11:25:46PM -0600, Patrick R. Michaud wrote:
> On Mon, Jun 21, 2004 at 10:17:33AM -0700, Steven Leite wrote:
> > 
> > I'd like to see a short (or detailed) article which addresses this
> > potential for security breaches, and maybe give some tips on how
> > developers can improve their scripts.
> 
> I don't have time for a detailed article at the moment, but here's
> a short list.  Essentially you have to be wary of anything that is
> going to evaluate a string provided by an author as though it's
> an executable command or code.  This means being careful with things
> such as PHP's eval() and system() functions, and also with preg_replace
> where the '/e' modifier is given or available.  Thus...

PHP doesn't have an equivalent of Perl's taint mode?

-Scott
-- 
Jonathan Scott Duff
duff at pobox.com
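
An added example, not part of the original thread and not PmWiki's own code: the quoted advice applied in PHP to a hypothetical `(:calc ...:)` directive and a hypothetical shell helper, so that author-supplied text is only ever handled as data. The names `safe_calc`, `wordcount_command` and `render`, the directive syntax and the `wiki.d/` path are assumptions made for illustration.

```php
<?php
// Constructed example: page authors can write a hypothetical (:calc 2+3:) directive.
// Unsafe shape the quoted list warns about, shown only as a comment:
//   preg_replace('/\(:calc (.*?):\)/e', '$1', $text);  // author text evaluated as PHP
// The /e modifier was deprecated in PHP 5.5 and removed in PHP 7.

// Hypothetical helper: evaluate "int op int" by parsing it, never by eval().
function safe_calc(string $expr): string
{
    if (!preg_match('/^\s*(\d{1,9})\s*([-+*])\s*(\d{1,9})\s*\z/', $expr, $m)) {
        return htmlspecialchars('(:calc ' . $expr . ':)', ENT_QUOTES); // leave it inert
    }
    [$a, $op, $b] = [(int)$m[1], $m[2], (int)$m[3]];
    switch ($op) {
        case '+': return (string)($a + $b);
        case '-': return (string)($a - $b);
        default:  return (string)($a * $b);
    }
}

// Hypothetical helper: build a shell command from an author-supplied page name.
function wordcount_command(string $pageName): ?string
{
    // Allow-list first: Group.Name made of letters and digits, nothing else.
    if (!preg_match('/^[A-Za-z0-9]+\.[A-Za-z0-9]+\z/', $pageName)) {
        return null;
    }
    // escapeshellarg() is kept as a second layer behind the allow-list.
    return 'wc -l ' . escapeshellarg('wiki.d/' . $pageName); // assumed storage path
}

function render(string $text): string
{
    // The callback receives the match as a plain string; nothing is compiled or run.
    return preg_replace_callback(
        '/\(:calc (.*?):\)/',
        fn(array $m): string => safe_calc($m[1]),
        $text
    ) ?? $text;
}

// Constructed inputs: one valid directive, one that is not arithmetic, one bad page name.
echo render('Total: (:calc 2+3:) and (:calc phpinfo():)'), "\n";
var_dump(wordcount_command('Main.HomePage'), wordcount_command('Main.Home;x'));
```

The `\z` anchor is used instead of `$` because `$` in PCRE also matches before a trailing newline, which would let a newline through the allow-list.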


