Vance wrote: "'CLEAR-FILE DATA VOC' is exactly the reason it should be behind some kind of encryption, or even better yet (DOS /c 'FORMAT C: | y') or (SH -c 'rm -r'). I did'nt mean to give anything other than a clear cut example, but the example is like giving a hacker a back door to the command line, so be safe with it. That's really all I can say."
Well really clearing the VOC isn't that nasty compare to some things I could think of. But I think we're all clear that you don't want an open-ended command processor exposed in any way except maybe to a test system. What we're really talking about here is more along the lines of a button that says "Place my order" or "Add this product" or "Tell me what time it is" and each thing does a specific function upon logging in. Even though SSL isn't bullet-proof, lots of web sites allow you to log in, so it really just depends on how much mischief you can get up to after you log in. If someone knew my passwords to various web sites they could mess my life up, other web sites do very inocuous things. It really depends on what the programmer programs. The example is just a way to get started. Will ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/
