The CGI runs swish-e as a system() (or open(), I can't remember) call. That's an
insecure way of doing anything via CGI.
Look at the search.cgi script for a better way, using the SWISH::API.
Bill Moseley wrote on 1/24/05 11:10 AM:
> On Mon, Jan 24, 2005 at 02:47:15AM -0800, Philippe de Rochambeau wrote:
>>what are the main Swish-e cgi security issues?
> Insecure usage.
Peter Karman . http://www.cray.com/craydoc/ . karman(at)not-real.cray.com
Received on Mon Jan 24 09:17:01 2005