https://bugzilla.mindrot.org/show_bug.cgi?id=2283

Salvador Fandiño <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #5 from Salvador Fandiño <[email protected]> ---
3 use cases:

- quoting properly requires knowing the user's remote shell or
auto-detecting it. This complicates creating scripts that connect to a
bunch of machines and do something.

- security issues: passing some data from an untrusted source (i.e. a
web POST) to a remote machine requires quoting the data. But creating a
generic quoter can be daunting, and edge cases or bugs in the shell may
be exploited. This is a similar case to the SQL injection problem, where
using placeholders is far securer than quoting.

- lazy people: as quoting by hand requires work, it is pretty common for
people writing scripts to just ignore the issue completely, resulting in
crappy scripts. If it were as easy as adding a flag to the command
line, well, maybe more people would use it.

_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
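
The quoting problem described in comment #5, as an added example that is not part of the original message or of OpenSSH: ssh joins its command arguments with single spaces and the server hands that one string to the user's login shell, so local argument boundaries are lost. The sketch assumes a POSIX remote shell and uses Python's `shlex` to tokenize the string without executing anything; the function names and file names are constructed for illustration.

```python
import shlex

def ssh_remote_command(args):
    """ssh(1) joins the command arguments with single spaces; the server
    hands that one string to the user's login shell for parsing."""
    return " ".join(args)

def posix_shell_words(command):
    """Tokenize as a POSIX shell would, without executing anything.
    Control operators such as ; | & come back as separate tokens."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    lex.commenters = ""
    return list(lex)

def naive(filename):
    # The local argv looks safe, but its boundaries vanish on the wire.
    return ssh_remote_command(["touch", filename])

def quoted(filename):
    # Quoting for one shell family only (POSIX sh); a csh, fish or
    # cmd.exe login shell would need a different quoter.
    return ssh_remote_command(["touch", shlex.quote(filename)])

# Constructed sample inputs standing in for untrusted data.
SAMPLES = ["report.txt", "my report.txt", "report.txt; echo extra", "it's.txt"]

def survives(build, filename):
    """True if the remote shell would see exactly ['touch', filename]."""
    try:
        return posix_shell_words(build(filename)) == ["touch", filename]
    except ValueError:  # unbalanced quote: the remote shell would error out
        return False

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:26} naive={survives(naive, name)} "
              f"quoted={survives(quoted, name)}")
```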