Skip to main content.
home | support | download

Back to List Archive

Re: swish-e 2.4 | 2.5 under Windows

From: David L Norris <dave(at)not-real.webaugur.com>
Date: Thu Jun 02 2005 - 14:47:51 GMT
On Thu, 2005-06-02 at 07:29 -0700, Bill Moseley wrote:
> On Thu, Jun 02, 2005 at 07:02:56AM -0700, Roman Chyla wrote:
> > [Thu Jun 02 15:52:43 2005] [warn] exec() may not be safe
> 
> Is that from PHP?

I believe it is from Apache when running on systems with an insecure
shell.  (i.e. Windows 9x)  There's no way to escape anything in the DOS
shell.  One could easily take over the entire computer from a script
running on the web server.

-- 
 David Norris
  http://www.webaugur.com/dave/
  ICQ - 412039
Received on Thu Jun 2 07:47:51 2005