Re: [code] Any ideas ?

From: Eric Green (egreen@cypronet.com)
Date: 10/03/96


>Make some kind of generic function that will check the incoming string.
>Allow NO Unix shell-characters ; : & > < and you will be fine.

This is not a good approach to programming a secure environment.  You
should decide what consists of a valid set of characters and allow only
characters from that set, rather than deciding which characters aren't
allowed.  It's much safer building from the empty set, than removing from a
full set.  Just check that each character is in the set { [a-zA-Z][0-9].@_
} (and maybe a couple other characters).  Fork/exec will also improve
safety by bypassing shells.

Eric
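The allowlist check and the fork/exec call Eric describes, as an added example in C (not code from the post or from CircleMUD); the function names, the program run and the sample inputs are assumptions made for illustration:

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check: return 1 only if every character of s is in the set
 * { [a-zA-Z][0-9] . @ _ } from the post.  Anything outside the set is
 * rejected, so no list of shell metacharacters has to be maintained. */
int is_allowed_input(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;                       /* empty input is rejected too */
    for (; *s; s++) {
        char c = *s;
        if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
            (c >= '0' && c <= '9') || c == '.' || c == '@' || c == '_')
            continue;                   /* explicit ASCII ranges, no locale */
        return 0;
    }
    return 1;
}

/* Run prog with the validated string as a single argv element via
 * fork/exec.  No shell is involved, so the argument is never re-parsed.
 * Returns the child's exit status, or -1 if validation or fork fails. */
int run_without_shell(const char *prog, const char *arg)
{
    int status;
    pid_t pid;

    if (!is_allowed_input(arg))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp(prog, prog, arg, (char *)NULL);
        _exit(127);                     /* exec failed in the child */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs: one valid address, one with a metacharacter. */
    const char *good = "player_1@example.org";
    const char *bad  = "player;x";
    printf("%s -> %d\n", good, is_allowed_input(good));   /* 1 */
    printf("%s -> %d\n", bad, is_allowed_input(bad));     /* 0 */
    return 0;
}
```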


+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
|   http://cspo.queensu.ca/~fletcher/Circle/list_faq.html   |
+-----------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/18/00 PST