Now I want to protect my CGI. Basically it only takes two strings: one which only contains numbers and another more generic one (it can contain ";,|<>"... etc). I want to correctly (=securely) parse the variables.

These chars interact with the shell, that's bad.
So, don't use shell scripting for your CGI.

If you use perl or C, then avoid using
- eval()
- $()
- `` Backticks
- system()
- popen()
- open()
- <> (perl file globbing)
- glob() (perl)
and everything else that uses the shell.

I hope that I didn't miss something. :-)

Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de
Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
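
An added example, not part of the original post: one way to handle the two CGI strings in C without any of the shell-invoking calls listed above. The numeric string is checked against a digits-only allow-list, and the generic string is handed to a helper program as a single argv element through execve(). The function names, the length limit and the use of /bin/echo as a stand-in helper are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Numeric field: allow-list, 1..max_len ASCII digits and nothing else. */
int is_numeric_field(const char *s, size_t max_len)
{
    size_t n = 0;
    while (s[n] != '\0' && n <= max_len && isdigit((unsigned char)s[n]))
        n++;
    return n > 0 && n <= max_len && s[n] == '\0';
}

/* Generic field: passed as one argv element through execve(), so no shell
 * parses it. Helper stdout goes to out; returns its exit status or -1. */
int run_helper(const char *prog, const char *text, char *out, size_t outsz)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t r;
    if (outsz == 0 || pipe(fds) < 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {                              /* child */
        char *const argv[] = { (char *)prog, (char *)text, NULL };
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL }; /* fixed env */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execve(prog, argv, envp);
        _exit(127);                              /* exec failed */
    }
    close(fds[1]);
    while (pid > 0 && used < outsz - 1 &&
           (r = read(fds[0], out + used, outsz - 1 - used)) > 0)
        used += (size_t)r;
    out[used] = '\0';
    close(fds[0]);
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char out[64];
    const char *text = "a;b|c<d>`id`$(id)";      /* constructed sample input */
    int rc = run_helper("/bin/echo", text, out, sizeof out);
    printf("numeric ok=%d rc=%d helper saw: %s", is_numeric_field("4711", 10), rc, out);
    return rc;
}
```

The helper receives the metacharacters as literal bytes; the same string given to system() or popen() would be parsed by /bin/sh first.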