Hello Jan G.B.,

Am 2010-04-26 11:52:02, hacktest Du folgendes herunter:
> I would recommend not to let any user input to your shell. This piece
> of code is very insecure as any client may manipulate the shell
> command at will.

It is ony a simplified example...  The  original  shell_exec()  is  more
comlicate and I have no absolute pathes (they are mostly all dynamic).

> You don't want people to take over your server that easily.

:-)

> See http://www.php.net/escapeshellcmd and alike.

I know

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsyst...@tdnet France           itsyst...@tdnet UG (haftungsbeschr├Ąnkt)
Gesch. Michelle Konzack          Gesch. Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz               Kinzigstra├če 17
67100 Strasbourg/France         77694 Kehl/Germany
Tel: +33-6-61925193 mobil       Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/>         <http://www.can4linux.org/>

Jabber linux4miche...@jabber.ccc.de
ICQ    #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/

Attachment: signature.pgp
Description: Digital signature

Reply via email to