On Sunday 03 June 2007 04:59:04 Gordon Messmer wrote:
> What happens when you're processing "PASSWD", and someone used a quote
> in their password? You're not checking input anywhere in this script to
> make sure it's safe to pass to the SQL shell, which is bad.
Whoops, thanks, added...
mksafe () {
  # Double every single quote in the value (g flag), not just the first one
  printf '%s\n' "$1" | /bin/sed "s/'/''/g"
}
> You don't even need awk for this sort of thing...
That strategy has the advantage of fully displaying all arguments
when using the mighty and irreplaceable set -x.
> case ${TMPIN% *} in
Doesn't work with more than 2 tokens, ${TMPIN:0:3} works.
> > read A # throwaway
> > read B # throwaway
> > read ID
> > read PW
>
> That won't work when there's no newline.
As it turns out, fortunately, both these examples still work...
echo -e "AUTH 1\na\nb\nc\nd" | authProg
echo -e "AUTH 1\na\nb\nc\nd\n" | authProg
> That sort of problem is easier
> to fix when you're not using bash. Input validation probably is, too.
I need a very simple procedural working prototype before "porting"
this to PHP and the provided samplepipe.pl script was useless for
me. IMVHO it is not a good example to illustrate how the API works.
Thanks Gordon, my little script is simpler and safer now.
--markc
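
An added example, not part of the original message or of Courier's own code: it compares a first-match-only quote substitution with a global one, and reads the input shape used in the echo tests above (header, two throwaway lines, ID, PW) even when the last line has no trailing newline. The function names, the users table and the sample values are constructed; doubling quotes is assumed to be sufficient only where the SQL shell treats backslash as a literal character.

```shell
# Constructed example: function names, table name and sample values are assumptions.

# First-match-only substitution: a second quote in the value stays unescaped.
mksafe_first() {
    printf '%s\n' "$1" | sed "s/'/''/"
}

# Global substitution: every single quote in the value is doubled.
mksafe_all() {
    printf '%s\n' "$1" | sed "s/'/''/g"
}

# Read header, two throwaway lines, ID and PW from stdin, then print the
# query text with both values quoted.
# "IFS= read -r" keeps leading spaces and backslashes exactly as received.
# read returns non-zero at EOF but still fills the variable, so a PW line
# without a trailing newline is accepted when it is non-empty.
parse_auth() {
    IFS= read -r _hdr && IFS= read -r _a && IFS= read -r _b \
        && IFS= read -r id || return 1
    pw=
    IFS= read -r pw || [ -n "$pw" ] || return 1
    printf "SELECT 1 FROM users WHERE id='%s' AND pw='%s'\n" \
        "$(mksafe_all "$id")" "$(mksafe_all "$pw")"
}

# Demo with a constructed password containing two quotes and no final newline.
printf "AUTH 1\na\nb\nbob\nit's o'k" | parse_auth
```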