... and if *any* user-editable inputs will be visible from the web side of
the app, make 100% sure that you have bounds-checked and sanitized every
single one of them. Stripping all punctuation and limiting the string length
before passing it as a module option is a good first step.

I've no idea about Java, but with Unix power tools, pipe it through
  `cut -c 1-255 | sed -e 's/[^a-zA-Z0-9_]//g'`

to only keep the first 255 chars, and only keep a-z, A-Z, 0-9, and the
underscore "_".


There are chances for buffer overflows and unquoted shell script variables
all over the place.


Hamish



      
_______________________________________________
grass-user mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/grass-user
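The filter Hamish describes, written out as a POSIX sh function together with a check of what unquoted variables do to such a value. This is an added example, not code from the post or from GRASS itself; the function names, the use of `tr -cd` in place of the `sed` whitelist, and the sample form value are all assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original post or from GRASS): whitelist a
# web-supplied value before it becomes a module option, then quote it.

# Keep only [A-Za-z0-9_], and at most 255 of those characters.
# tr -cd deletes every byte NOT in the set (-c = complement, -d = delete),
# so spaces, newlines, quotes, ';', '$', '(' and '`' all disappear.
# Disallowed characters are dropped before the length cap so that the cap
# counts allowed characters only (hypothetical helper name).
sanitize_option() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9_' | cut -c 1-255
}

# Stricter variant: accept the value only if it is non-empty and already
# clean. Silently turning "my map; rm -rf /tmp/*" into "mymaprmrftmp" hides
# an attack attempt; rejecting it lets the web layer return an error and
# log the original input (hypothetical helper name).
is_clean_option() {
    [ -n "$1" ] && [ "$(sanitize_option "$1")" = "$1" ]
}

# Report how many arguments actually reach a command; used below to show
# what an unquoted expansion does to a value containing whitespace.
count_args() {
    echo "$#"
}

# Same value expanded unquoted ($v) and quoted ("$v"). Unquoted, the shell
# word-splits (and glob-expands) the value, so one option becomes several
# arguments to the module; quoted, it stays a single argument.
args_unquoted() {
    v=$1
    count_args $v
}
args_quoted() {
    v=$1
    count_args "$v"
}

# Constructed sample of what a web form might submit (not real data).
sample='my map; rm -rf /tmp/*'
printf 'sanitized: %s\n' "$(sanitize_option "$sample")"
if is_clean_option "$sample"; then
    echo "accepted as-is"
else
    echo "rejected: contains characters outside [A-Za-z0-9_]"
fi
```

Whichever variant is used, the sanitized value must still be expanded inside double quotes when it is handed to the module (`g.module opt="$clean"`); the whitelist removes shell metacharacters, but quoting is what stops the remaining value from being split or globbed if the whitelist is ever loosened.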