I'm not saying with that example you should leave it the way I posted it, where access is global. In fact I agree with you. The user and pwd should be verified on a user basis for something so open as the example. But what I do say is that I do not recommend allowing http access to this script if it will be accessible to the internet. Even SSL is not bulletproof, but at least it's not plain text.
'CLEAR-FILE DATA VOC' is exactly the reason it should be behind some kind of encryption, or even better yet (DOS /c 'FORMAT C: | y') or (SH -c 'rm -r'). I didn't mean to give anything other than a clear cut example, but the example is like giving a hacker a back door to the command line, so be safe with it. That's really all I can say. In most of my uses the user and pwd are defined behind the scenes because the server is out to do a specific chore. Like in a POS E-Commerce site. You don't allow your customers access to your database, but you do allow your servers to retrieve information from the database.

Vance

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, February 15, 2005 3:11 PM
Subject: Re: [U2] UV to Web interface

> Vance: "I'm looking forward to having the user type 'CLEAR-FILE DATA VOC' and
> clicking the submit button. Watch the fur fly."
>
> Ian the example is just that :) It's not really meant, at least as far as I go, to actually execute in that manner. It's just an example of how to talk to a session so THAT you can build something better.
> A lot of us have a problem getting our foot in the door without at least some kind of simple example to start with.
> Will
> -------
> u2-users mailing list
> [email protected]
> To unsubscribe please visit http://listserver.u2ug.org/
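An added example, not part of the original thread or of any poster's script: a sketch of the "server does a specific chore" pattern described above, where the web form can only pick a predefined chore and the account is taken from server configuration. The chore names, the PRODUCTS and ORDERS files, the U2_WEB_USER and U2_WEB_PWD variables and the run_in_session callable are all assumptions made for illustration.

```python
import os
import re

# Constructed allowlist: chore names, file names and fields are hypothetical.
# Each chore is a fixed command template plus a strict pattern per parameter.
CHORES = {
    "item_lookup": ("LIST PRODUCTS '{item_id}' DESCRIPTION PRICE",
                    {"item_id": re.compile(r"[A-Z0-9]{1,12}")}),
    "order_status": ("LIST ORDERS '{order_id}' STATUS",
                     {"order_id": re.compile(r"[0-9]{1,10}")}),
}


class Rejected(ValueError):
    """The request asked for something outside the server's defined chores."""


def build_command(chore, params):
    """Return the fixed command for a chore, or raise Rejected."""
    if chore not in CHORES:
        raise Rejected(f"unknown chore: {chore!r}")
    template, rules = CHORES[chore]
    if set(params) != set(rules):
        raise Rejected("unexpected or missing parameters")
    for name, pattern in rules.items():
        # fullmatch: the whole value must fit, so quotes, spaces and
        # extra verbs cannot ride along inside a parameter.
        if not isinstance(params[name], str) or not pattern.fullmatch(params[name]):
            raise Rejected(f"bad value for {name}")
    return template.format(**params)


def service_credentials(env=os.environ):
    """Account comes from server config (assumed variable names), never the form."""
    return env["U2_WEB_USER"], env["U2_WEB_PWD"]


def handle_request(form, run_in_session, env=os.environ):
    """form: dict of submitted fields. run_in_session: callable(user, pwd, cmd)
    wrapping whatever session interface the site already uses (assumed)."""
    form = dict(form)
    chore = form.pop("chore", "")
    try:
        command = build_command(chore, form)
    except Rejected as exc:
        return 400, str(exc)
    user, pwd = service_credentials(env)
    return 200, run_in_session(user, pwd, command)
```

Rejected requests never reach the session, so a submitted 'CLEAR-FILE DATA VOC' is answered with a 400 instead of being executed.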
