Apparently, do dont do cgi. If it was php, then commands can be passed to the system using the system()[1] call. But be aware that even if you have user authentication to restrict users to pass values through the system() function, there is a technique called "SQL Injection"[2] that allows you to pass arbitrary, malicious sql values to scripts, if they are not coded well.
-- "Trust is the greatest gift one person can give another" -- Xander Solis On Wed, 7 Jul 2004 00:22 , rad radsys <[EMAIL PROTECTED]> sent: >Hi Gurus, > >it may sound easy for you guys but.... > >im trying to make a cgi script that will execute system administrative commands, which is root user only. so how will i tell the system where the administrative commands will be run that i'm "root" user, since im going to execute commands via my cgi script? I'm using apache 1.3.. > >Thanks in advance.. > > >Kind regards, > >rad > Do you Yahoo!? > >Yahoo! Mail Address AutoComplete - You start. We finish. ---- Cool Things Happen When Mac Users Meet! Join the community in Boston this July: www.macworldexpo.com -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
