> how to make command line safe?

The developers include a number of security checks within the ImageMagick distribution such as checks for buffer overflow and restricting the character set in the external delegate programs to prevent script injection. However, Anthony is right, you must perform standard web security due-diligence such as checking all user input and throwing an exception if any problematic characters are discovered (e.g. ![]&.). You may get additional security benefits by using a scripting language (e.g. PerlMagick) rather than the command line.

The source to MagickStudio (http://www.imagemagick.org/MagickStudio) is available online. It's been running for over 10 years with no known security incidents. Among other things we check each user string against a set of illegal characters (\&\;\`\'\"\|*?\~\<\>\^()\[\]\{\}\$\n\r) and stop denial of service attacks by limiting the maximum image size and setting the maximum disk consumption. If any of these checks are violated, the script throws an exception.
Have fun.
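The checks described in the message above, as an added Python example that is not part of the original post and is not MagickStudio's own code. The character set is the one quoted in the message; the function names, the numeric limits, and the assumption that `convert` is on the PATH are illustrative.

```python
import subprocess

# Character set quoted in the message for the per-string check.
ILLEGAL_CHARS = frozenset("&;`'\"|*?~<>^()[]{}$\n\r")

# Assumed limits for illustration; the message gives no numbers.
MAX_SIDE = 8192          # maximum image width and height, in pixels
MAX_DISK = "1GiB"        # maximum disk space ImageMagick may consume
MAX_FIELD_LEN = 256      # maximum length of any user-supplied string


class UnsafeInput(ValueError):
    """Raised when a user-supplied string fails validation."""


def check_user_string(value):
    """Return value unchanged, or raise UnsafeInput.

    Input is rejected outright rather than cleaned up, matching the
    "throw an exception" behaviour described in the message.
    """
    if not value or len(value) > MAX_FIELD_LEN:
        raise UnsafeInput("empty or over-long field")
    bad = sorted(ILLEGAL_CHARS.intersection(value))
    if bad:
        raise UnsafeInput("illegal characters: %r" % bad)
    return value


def build_resize_argv(src, geometry, dst):
    """Validate every field, then build an argument vector for convert."""
    for field in (src, geometry, dst):
        check_user_string(field)
    # -limit settings go first so they apply before any image is read.
    return ["convert",
            "-limit", "width", str(MAX_SIDE),
            "-limit", "height", str(MAX_SIDE),
            "-limit", "disk", MAX_DISK,
            src, "-resize", geometry, dst]


def run_resize(src, geometry, dst):
    # A list argv with the default shell=False means no shell ever
    # parses the user strings; the timeout bounds CPU-time abuse.
    return subprocess.run(build_resize_argv(src, geometry, dst),
                          check=True, timeout=30)
```

Geometry strings that use `>` or `<` are rejected by this character set, so an application that needs those flags has to append them itself after validation.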
