[Pmwiki-users] Re: Request for Article: "How to write safe scripts"
Jonathan Scott Duff
duff
Mon Jun 21 08:00:32 CDT 2004
On Sun, Jun 20, 2004 at 11:25:46PM -0600, Patrick R. Michaud wrote:
> On Mon, Jun 21, 2004 at 10:17:33AM -0700, Steven Leite wrote:
> >
> > I'd like to see a short (or detailed) article which addresses this
> > potential for security breaches, and maybe give some tips on how
> > developers can improve their scripts.
>
> I don't have time for a detailed article at the moment, but here's
> a short list. Essentially you have to be wary of anything that is
> going to evaluate a string provided by an author as though it's
> an executable command or code. This means being careful with things
> such as PHP's eval() and system() functions, and also with preg_replace
> where the '/e' modifier is given or available. Thus...
PHP doesn't have an equivalent of Perl's taint mode?
-Scott
--
Jonathan Scott Duff
duff at pobox.com
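The preg_replace '/e' pitfall Patrick lists above, beside the form that keeps author text as data, as an added example that is not code from this thread or from PmWiki itself (the two markup rules and the `?n=` link form are assumptions):

```php
<?php
// Added example, not code from the thread or from PmWiki: a wiki markup
// rule ('''bold''' and [[Page]] links) written so the page author's text is
// only ever data. The pattern Patrick warns about would look like
//   preg_replace("/'''(.*?)'''/e", "'<b>'.\\1.'</b>'", $text);
// where '/e' makes PHP eval() the replacement string with the author's
// match spliced into it as PHP source. ('/e' was removed in PHP 7.0.)

function renderMarkup(string $source): string
{
    // Escape first, so the only HTML in the output is what we emit below.
    // ENT_COMPAT leaves single quotes alone so the ''' markup survives.
    $out = htmlspecialchars($source, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8');

    // Bold: '''text''' -> <b>text</b>. The callback receives $m[1] as a
    // plain string; nothing in it is compiled or executed.
    $out = preg_replace_callback(
        "/'''(.+?)'''/s",
        fn(array $m): string => '<b>' . $m[1] . '</b>',
        $out
    );

    // Links: [[PageName]] -> <a href="?n=PageName">PageName</a>, and only
    // when the name is a bare alphanumeric word; anything else stays text.
    // (The ?n= query form is assumed here, not taken from the thread.)
    $out = preg_replace_callback(
        '/\[\[([A-Za-z0-9]+)\]\]/',
        function (array $m): string {
            $name = $m[1];
            return '<a href="?n=' . rawurlencode($name) . '">' . $name . '</a>';
        },
        $out
    );

    return $out;
}

// Constructed sample page text: quotes and tags in author content are
// rendered as literal text rather than reaching eval() or the browser.
$page = "'''Hello''' see [[HomePage]] and '''it''s <b>not</b> code'''";
echo renderMarkup($page), "\n";
```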