> Make some kind of generic function that will check the incoming string.
> Allow NO Unix shell-characters ; : & > < and you will be fine.

This is not a good approach to programming a secure environment. You should decide what consists of a valid set of characters and allow only characters from that set, rather than deciding which characters aren't allowed. It's much safer building from the empty set, than removing from a full set. Just check that each character is in the set { [a-zA-Z][0-9].@_ } (and maybe a couple other characters).

Fork/exec will also improve safety by bypassing shells.

Eric

+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://cspo.queensu.ca/~fletcher/Circle/list_faq.html     |
+-----------------------------------------------------------+
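
The allowlist check and the shell-free fork/exec recommended in the reply above, as an added example that is not part of the original post. The names `is_allowed`, `run_checked` and `MAX_ARG_LEN`, the length limit, and the use of `echo` as the target program are assumptions made for illustration.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The allowed set from the post: letters, digits, '.', '@' and '_'. */
static const char ALLOWED[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.@_";

#define MAX_ARG_LEN 128 /* assumed limit, not from the post */

/* Return 1 only if s is non-empty, bounded, and made purely of ALLOWED. */
int is_allowed(const char *s)
{
    size_t len = s ? strlen(s) : 0;

    if (len == 0 || len > MAX_ARG_LEN)
        return 0;
    /* strspn() measures the leading run of allowed characters;
     * the string passes only if that run covers all of it. */
    return strspn(s, ALLOWED) == len;
}

/* Run prog with one validated argument and no shell in between.
 * Returns the child's exit status, or -1 if arg is rejected or on error. */
int run_checked(const char *prog, const char *arg)
{
    char *argv[] = { (char *)prog, (char *)arg, NULL };
    pid_t pid;
    int status;

    if (!is_allowed(arg))
        return -1;          /* rejected before any process is created */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(prog, argv); /* arg reaches prog as one argv entry, unparsed */
        _exit(127);         /* only reached if exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample input. */
    return run_checked("echo", "player@example.com") == 0 ? 0 : 1;
}
```

Because `-` is not in the allowed set, a value that passes the check also cannot be mistaken for a command-line option by the program being run.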
This archive was generated by hypermail 2b30 : 12/18/00 PST