Plan B. THINGS, an AMAZING GTD application that syncs up with your iPhone. They seem to have FINALLY got it right. :-)

ed
http://culturedcode.com/things/

On Fri, Jan 2, 2009 at 12:05 PM, Allen Shaw <[email protected]> wrote:
> Hi All,
>
> I have a shell script that manages my todo list, and I'd like to access it
> through the Web as well, for convenience when I'm traveling. ssh is not
> ideal here, since Web gives me access from any machine without downloading
> PuTTY, for example. Basic auth seems enough to protect my todo list from
> abuse, but the stakes get higher when we consider that I'm accepting shell
> script arguments over the web -- poor security could easily lead to
> arbitrary code being passed to the shell.
>
> Can anyone here comment on the wisdom of relying on escapeshellcmd() in a
> situation like this? For example:
> <?
> $script_path = '/path/to/shell/script';
> shell_exec(escapeshellcmd("$script_path {$_POST['user_input']}"));
> ?>
>
> It looks right to me, and I've confirmed that it "works," but I can't test
> to confirm it's "safe." I'd appreciate it if someone more experienced could
> tell me if this is just a Bad Idea.
>
> Thanks,
> Allen
>
> --
> Allen Shaw
> slidePresenter (http://slides.sourceforge.net)
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show_participation.php
>

--
IM/iChat: ejpusa
Links: http://del.icio.us/ejpusa
Blog: http://www.preceptress.com/blog
Follow me: http://www.twitter.com/ejpusa
Karma: http://www.coderswithconscience.com
Projects: http://flickr.com/photos/86842...@n00/
Store: http://astore.amazon.com/httpwwwutopic-20
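Added example, not part of the original thread and not written by either poster: escapeshellcmd() applied to the whole string neutralises shell metacharacters but still lets the caller pass any number of arguments and options to the script, so the sketch below allowlists the action and quotes each value with escapeshellarg() instead. The action names, the `action` and `text` POST fields, and the script honouring `--` as end-of-options are assumptions about the todo script.

```php
<?php
// Added example; the script path is the placeholder used in the question.
const SCRIPT_PATH = '/path/to/shell/script';

// Hypothetical subcommands the todo script is assumed to accept.
const ALLOWED_ACTIONS = ['add', 'list', 'done'];

/**
 * Build the command line from untrusted input, or return null to reject it.
 */
function build_todo_command(string $action, string $text): ?string
{
    // Allowlist the subcommand instead of trying to escape it.
    if (!in_array($action, ALLOWED_ACTIONS, true)) {
        return null;
    }
    // Bound the length and reject control characters (newline, NUL, ...).
    if (strlen($text) > 200 || preg_match('/[\x00-\x1F\x7F]/', $text)) {
        return null;
    }
    // escapeshellarg() quotes the value so the shell hands it to the script
    // as exactly one argument. "--" (assumed to be honoured by the script)
    // keeps text that starts with "-" from being parsed as an option.
    $cmd = escapeshellarg(SCRIPT_PATH) . ' ' . escapeshellarg($action) . ' --';
    if ($text !== '') {
        $cmd .= ' ' . escapeshellarg($text);
    }
    return $cmd;
}

// Constructed sample inputs showing what is accepted and what is rejected.
$samples = [
    ['add', 'buy milk; and eggs'], // metacharacters stay inside one argument
    ['add', '--verbose'],          // would be read as an option without "--"
    ['shell', 'anything'],         // not an allowlisted action
];
foreach ($samples as [$action, $text]) {
    $cmd = build_todo_command($action, $text);
    echo $cmd ?? "rejected: $action", PHP_EOL;
}

// In the web handler (behind Basic auth) the call would look like:
// $cmd = build_todo_command($_POST['action'] ?? '', $_POST['text'] ?? '');
// if ($cmd !== null) { echo htmlspecialchars((string) shell_exec($cmd)); }
```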
