Re: Secure Form Script?

From: Stephen Samuel (samuel_at_bcgreen.com)
Date: 05/26/04

  • Next message: Howard B Owen: "Re: looking for wireless linux security book"
    Date: Tue, 25 May 2004 15:05:06 -0700
    To: Tim Tompkins <timt@spiderlinks.org>
    
    

    I'm just going to drop out the direct-smtp Vs sendmail argument... I get
    the sense that that's mostly a personal issue.

    What I'm hearing in the middle of this is that there seems to be a really
    nice (and widely known) module set that can easily do something like

    mkpipe "r", FILEHANDLE, @arglist;
        or
    mkpipe "rw", READHANDLE, WRITEHANDLE, @arglist;

    rather than the current 'give it a string and hope it gets parsed right'
    method used with open().

    Looking at the docs anew (boy do I love the Perl quick reference!),
    it would seem that the best way to do that would be:

    my $pid = open(APIPE, "|-");          # fork; the child's STDIN is the pipe
    die "could not fork: $!" unless defined $pid;

    if( $pid == 0){
            # child: list-form exec, so @arglist is never parsed by a shell
            exec "cmd", @arglist ;
            die "exec of cmd failed: $!";
    };
    # else am parent
    print APIPE "data\n";
    close APIPE or die "cmd exited with status $?";

    Tim Tompkins wrote:
    > From the perspective of a web-app developer, I feel much better knowing
    > that I'm piping to sendmail for two main reasons:
    >
    > * The mail queue is maintained by an existing, reliable service. If my
    .....
    > * Handing the message off to sendmail/postfix ensures that I'm not
    > holding up a web server process while my webapp attempts to deliver an

    > Beth Skwarecki wrote:
    >
    >> It's silly to be piping things to sendmail this way in perl. There are
    >> two reasons why:
    >>
    >> 1) To expand a bit on Bryce Porter's comments, it's much safer to use
    >> system()'s built-in argument handling than to attempt to sanitize
    >> arguments yourself before putting them all together on a command that
    >> the shell gets to execute:

    -- 
    Stephen Samuel +1(604)876-0426                samuel@bcgreen.com
                       http://www.bcgreen.com/~samuel/
        Powerful committed communication. Transformation touching
          the jewel within each person and bringing it to light.
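As an added example (not part of Stephen's mail or of any module he refers to), here is the sketched "mkpipe"-style interface implemented with Perl's fork-open idiom and list-form exec, in both the write and read directions; the untrusted value and the commands (/bin/echo, tr) are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The command is given as a list, so each element reaches the child as
# one argv entry. No shell is started, so nothing is re-parsed.

# Return a write handle; whatever we print to it becomes the child's STDIN.
sub open_pipe_to {
    my @argv = @_;
    my $pid = open(my $fh, '|-');                 # undef means fork failed
    die "could not fork: $!" unless defined $pid;
    if ($pid == 0) {                              # child
        exec { $argv[0] } @argv;                  # list form, never the shell
        die "exec of $argv[0] failed: $!";
    }
    return $fh;                                   # parent
}

# Return a read handle on the child's STDOUT.
sub open_pipe_from {
    my @argv = @_;
    my $pid = open(my $fh, '-|');
    die "could not fork: $!" unless defined $pid;
    if ($pid == 0) {
        exec { $argv[0] } @argv;
        die "exec of $argv[0] failed: $!";
    }
    return $fh;
}

# Constructed untrusted input: a form field that contains shell metacharacters.
my $untrusted = 'someone@example.com; echo NOT-RUN';

# With the list form the whole string is a single argument to echo and is
# simply printed back. open(FH, "echo $untrusted |") would hand it to a shell.
my $in = open_pipe_from('/bin/echo', $untrusted);
my $line = <$in>;
close $in or die "echo exited with status $?";
print "echo saw exactly: $line";

# Write direction: feed a message to a filter the same way one would feed
# sendmail -t (a plain tr is used here so the example runs anywhere).
my $out = open_pipe_to('tr', 'a-z', 'A-Z');
print $out "subject: test\n\nbody\n";
close $out or die "tr exited with status $?";
```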
    
