Sorry it took so ling to respond but I was off since Thursday.
I am not entirely sure how your build script could be any less secure
than any file that gets executed on your system?
....
....
Can you elaborate on the situation you were thinking of?
I was just expressing my concerns about allowing a variable to be passed to the exec() command.
e.g.
if ($rdbms == 'MySQL')
{
$command = 'mysqldump';
...
....
...
etc...
}
exec($command);
...
..
I'd be worried about this situation as someone smarther than I may be able to set the $command variable to 'rm -r', 'chmod ...', etc.
Of course there are ways around this but I was just sharing a pre-warning in case you were going to implement the database builds in this way, so that any rdbms could be used.
Sorry, didn't mean to cause confusion.
Sonic
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php
-~----------~----~----~----~------~----~------~--~---
