  #81  
7th February 2006, 19:23
webstergd

I am paranoid. However, I get paid to be paranoid so I guess it is ok. :-) What you think is best, Till, probably will be the way to go. I trust your programming skills completely and I am sure your solution will be the best all around. Once this is up I can start hacking it and see what I get.

Just checked PHP's online documentation and the second post, under the escapeshellcmd, is actually from someone who is talking about the security risk of this command. His personal recommendation was the same as mine. "actually never accept any command from external sources only proven built-in predefined commands should be executed."

From the PHP documentation website:
Code:
Following characters are preceded by a backslash: #&;`|*?~<>^()[]{}$\, \x0A and \xFF. ' and " are escaped only if they are not paired.

Semi-old security vulnerability on Windows IIS with PHP 4.3.6 and older: http://www.idefense.com/intelligence...lay.php?id=108
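The recommendation quoted in the post above (run only predefined commands instead of escaping externally supplied ones), shown as an added example that is not part of the original post or of the project being discussed. The action names, binary paths and the /var/www path rule are assumptions chosen for illustration.

```php
<?php
// Added example. Action names, binary paths and the path rule are hypothetical.
// The caller selects a key from a fixed table; it never supplies a command string,
// so there is nothing for escapeshellcmd() to "clean up".
const ALLOWED_ACTIONS = [
    'disk_usage' => ['/bin/df', '-h'],
    'uptime'     => ['/usr/bin/uptime'],
    'list_dir'   => ['/bin/ls', '-l', '--', '%path%'],
];

function build_command(string $action, array $params = []): string
{
    if (!array_key_exists($action, ALLOWED_ACTIONS)) {
        throw new InvalidArgumentException('unknown action');
    }
    $parts = [];
    foreach (ALLOWED_ACTIONS[$action] as $token) {
        if ($token === '%path%') {
            $path = $params['path'] ?? '';
            // Validate the shape of the value first; quoting alone is not validation.
            if (!preg_match('#^/var/www/[A-Za-z0-9._/-]+$#D', $path)
                || strpos($path, '..') !== false) {
                throw new InvalidArgumentException('path rejected');
            }
            $token = $path;
        }
        // Every token is quoted as a single argument, including the fixed ones.
        $parts[] = escapeshellarg($token);
    }
    return implode(' ', $parts);
}

// Constructed sample requests; the command line is printed, not executed.
$requests = [
    ['disk_usage', []],
    ['list_dir', ['path' => '/var/www/web1/log']],
    ['list_dir', ['path' => '/var/www/web1; id']],   // fails the path rule
    ['uptime; id', []],                              // not a key in the table
];
foreach ($requests as [$action, $params]) {
    try {
        echo build_command($action, $params), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```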