Skip to main content.
home | support | download

Back to List Archive

re: Unsafe SWISH calls from Perl

From: Chris Humphries <ChrisJMH(at)not-real.vermilion99.freeserve.co.uk>
Date: Tue Sep 12 2000 - 12:31:03 GMT
Is the "unsafe" call to SWISH from Perl,

open(SWISH, "$swish -w $query -m $results $search_tags -f $index|");

unsafe on ANY platform?

Are there any obvious ways of checking the values passed to remove suspicious characters?

Are there legitimate strings that one could search for that would be interpreted as system commands?

Are PCs susceptible to something like the shell-escape problem that UNIX has?

Chris Humphries
Received on Tue Sep 12 12:31:14 2000