Loading ...
Sorry, an error occurred while loading the content.

proc getdata man page - new security concerns

Expand Messages
  • Stephen C. Grubb
    Hi again, This is essentially a repeat of the earlier direct CGI security message, but put another way because some of the concerns apply to any context (not
    Message 1 of 1 , Jun 1 12:45 PM
    • 0 Attachment
      Hi again,

      This is essentially a repeat of the earlier direct CGI security message,
      but put another way because some of the concerns apply to any context (not
      just direct CGI) where non-trusted users have access to parameters:

      Anyone building an application that will be accessible by non-trusted
      users should be familiar with the security concerns that I added today to
      the proc getdata man page, especially to use 'pathname:' rather than
      'file:' if the file name is built using variables.

      http://ploticus.sourceforge.net/doc/getdata.html

      Let me know of any concerns or questions. Thanks,

      Steve
    Your message has been successfully submitted and would be delivered to recipients shortly.