Scripting languages

Richard Edelman edelman at speedscript.com
Wed Nov 21 18:23:51 CST 2001


On Wednesday 21 November 2001 12:05 pm, Brian Densmore wrote:
Perhaps the easiest way to protect yourself from something like that is to 
make sure your scripts don't run as root; user nobody is probably the best.
Not to poke holes in your example or anything, but why would an online 
comments page run any system commands aside from connecting to some database 
and inserting the comment? :) Good security practice would include making 
sure to strip escape sequences and such from the comment before inserting, 
too.

Rich

> Does anyone use PERL or Python or Ruby?
>
>  I have been reading about this new script language Ruby.
>  It looks really cool, but I have a few questions
>  (which would be relevant to Perl|Python also).
>  It allows regular expressions. My concerns on this are,
>  how can I use such a language and protect myself from nasty
>  little blue meanies bent on destroying my computer?
>  Say I have an online comments entry web page.
>  How do I protect myself from some kid typing in a regular
>  expression that resolves to say "rm -rf /"?
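
The advice in the reply above (don't run as root, strip escape sequences before inserting, run no system commands) sketched in Ruby as an added example; it is not code from either poster. All names, the in-memory `store` standing in for the database, and the sample inputs are assumptions made for illustration.

```ruby
# Added illustration: a comment is stored as inert data. It is never passed
# to a shell or eval, and never compiled into a regular expression as-is.
MAX_COMMENT_CHARS = 2000 # hypothetical limit

# True when the effective UID is root; the handler refuses to work then.
def running_as_root?(euid = Process.euid)
  euid.zero?
end

# Strip terminal escape sequences and control characters from a comment.
def sanitize_comment(raw)
  text = raw.to_s.dup.force_encoding(Encoding::UTF_8).scrub("")
  text = text.gsub(/\e\[[0-?]*[ -\/]*[@-~]/, "")    # CSI sequences (colours, cursor moves)
  text = text.gsub(/\e\][^\a\e]*(?:\a|\e\\)/, "")   # OSC sequences (e.g. window title)
  text = text.gsub(/[[:cntrl:]&&[^\n\t]]/, "")      # other control chars, keep newline/tab
  text[0, MAX_COMMENT_CHARS]
end

# If visitor text must take part in a pattern match, escape it so regex
# metacharacters are matched literally instead of being interpreted.
def comment_mentions?(comment, user_term)
  comment.match?(/#{Regexp.escape(user_term)}/i)
end

# Accept one comment. `store` is an Array standing in for a database
# insert that binds the text as a parameter.
def accept_comment(store, raw, euid = Process.euid)
  raise SecurityError, "refusing to handle comments as root" if running_as_root?(euid)
  clean = sanitize_comment(raw)
  store << clean
  clean
end

if __FILE__ == $PROGRAM_NAME
  store = []
  # Constructed sample input; 65534 is a constructed unprivileged UID.
  accept_comment(store, "nice page \e[31m!!\e[0m\x07 rm -rf /", 65534)
  puts store.inspect
end
```

The text `rm -rf /` ends up in the store as an ordinary string; it only becomes dangerous if a script hands visitor input to a shell, `eval`, or an unescaped pattern.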
