Message146065
Perhaps a better idea would be to use different names, so it's clearer at the point of invocation that the shell is being invoked (and hence shell injection attacks are a potential concern). For example:
shell_call
check_shell_call
check_shell_output
That would make large applications easier to audit (just search for 'shell_') while still making life easier for sysadmins. |
|
Date |
User |
Action |
Args |
2011-10-21 06:41:58 | ncoghlan | set | recipients:
+ ncoghlan, alex |
2011-10-21 06:41:58 | ncoghlan | set | messageid: <1319179318.53.0.205854726663.issue13238@psf.upfronthosting.co.za> |
2011-10-21 06:41:57 | ncoghlan | link | issue13238 messages |
2011-10-21 06:41:57 | ncoghlan | create | |
|