Hi:

I found that the grassBatchJob is so exciting that I like it; however, I wonder whether, each time a user wants to run grass in my web application, having to write a .sh file and then call grass with the BATCH_JOB may cause low efficiency? After all, this is related to the IO operation, isn't it?

2010/3/3 Hamish <[email protected]>
> ... and if *any* user editable inputs will be visible from the web side of
> the app make 100% sure that you have bounds checked and sanitized every
> single one of them. Stripping all punctuation and limiting the string length
> before passing as a module option is a good first step.
>
> I've no idea about java but with unix power tools pipe it through
> `cut -b 1-255 | sed -e 's/[^a-zA-Z0-9_]//g'`
>
> to only keep the first 255 chars, and only keep a-z, A-Z, 0-9, and the
> underscore "_".
>
> there are chances for buffer overflows and unquoted shell script variables
> all over the place.
>
> Hamish
_______________________________________________
grass-user mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/grass-user
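The sanitizing step suggested in the quoted reply, written out as an added example that is not part of the original thread. It swaps `sed` for `tr` so that embedded newlines are removed as well (line-oriented `cut | sed` passes them through), and it shows what an unquoted variable does to the argument list. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: allow-list sanitizer for a web-supplied value that is to
# become a module option. All names and inputs here are constructed.

# Keep only a-z, A-Z, 0-9 and "_", then at most the first 255 bytes.
# tr filters the whole byte stream, so newlines are dropped too.
sanitize_opt() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'a-zA-Z0-9_' | LC_ALL=C cut -b 1-255
}

# Print the sanitized value, or fail when nothing usable is left,
# so the caller can reject the request instead of running a module
# with an empty option.
safe_opt() {
    clean=$(sanitize_opt "$1")
    [ -n "$clean" ] || return 1
    printf '%s\n' "$clean"
}

# Report how many arguments a command would receive.
count_args() { echo "$#"; }

# Constructed hostile input: spaces and shell metacharacters.
raw='elev map; rm -rf $HOME'

# Unquoted expansion is word-split: the module sees several arguments.
unquoted_argc() { count_args map=$raw; }

# Quoted expansion stays one argument, whatever the value contains.
quoted_argc() { count_args "map=$raw"; }

echo "raw value       : $raw"
echo "sanitized value : $(sanitize_opt "$raw")"
echo "argc unquoted   : $(unquoted_argc)"
echo "argc quoted     : $(quoted_argc)"
if safe_opt ';;; --' >/dev/null; then
    echo "punctuation-only input accepted (unexpected)"
else
    echo "punctuation-only input rejected"
fi
```

Sanitizing and quoting are independent defences: the first narrows what the value can contain, the second keeps whatever it contains inside a single argument.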
