Hello.

I've written a little cgi and installed it on a SuSE box. Apache was disabled. I restarted it, renamed htdocs to htdocs_suse (yes, it's possible to change the htdocs dir from httpd.conf but I prefer the former procedure) and created my own htdocs dir. Then I did the same for the cgi-bin dir (which contained test scripts, php included; and perhaps may be abused with the latest php xploit. Not checked for it), I mean, I cleaned out cgi-bin completely and copied my cgi program there. I think the machine is secure now, isn't it? (Original SuSE 6.4 with the above described changes).

Now I want to protect my CGI. Basically it only takes two strings: one which only contains numbers and another more generic one (it can contain ";,|<>"... etc). I want to correctly (= securely) parse the variables before using them. Which would be the correct regexps?

The following article:

http://www.wiretrip.net/rfp/p/doc.asp?id=6&iface=4

points to several ideas. But I suppose it could miss some common checks... I prefer hearing from you. :-)

Thx!

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman@madrid.com
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
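
An added example, not part of the original post: one way to validate the two fields the post describes, a digits-only string and a generic string that may contain ";,|<>", and then encode them per output context. Python is an assumption (the post does not name the CGI's language), and the length limits, function names and helper path are hypothetical.

```python
import html
import re

# Assumptions (not from the post): limits, function names and HELPER path.
MAX_NUM_LEN = 10
MAX_TEXT_LEN = 256
HELPER = "/usr/local/bin/lookup"  # hypothetical program the CGI might run

NUM_RE = re.compile(r"[0-9]{1,%d}" % MAX_NUM_LEN)


def parse_number(raw):
    """Return the digits-only field as an int, or raise ValueError."""
    # fullmatch anchors both ends; match() with '$' would accept "123\n".
    if not isinstance(raw, str) or NUM_RE.fullmatch(raw) is None:
        raise ValueError("numeric field must be 1-%d ASCII digits" % MAX_NUM_LEN)
    return int(raw)


def parse_text(raw):
    """Return the generic field unchanged, or raise ValueError.

    Characters such as ; , | < > stay legal data. Only NUL, other control
    characters (newline included) and over-long input are rejected.
    """
    if not isinstance(raw, str) or not 1 <= len(raw) <= MAX_TEXT_LEN:
        raise ValueError("text field is empty or too long")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        raise ValueError("text field contains control characters")
    return raw


def to_html(number, text):
    """Encode for the HTML output context instead of stripping characters."""
    return "<p>%d: %s</p>" % (number, html.escape(text))


def to_argv(number, text):
    """Build an argument list for subprocess.run(argv) with no shell.

    Each value is one argv element, so metacharacters are never interpreted.
    For helpers that honour "--", a value starting with "-" is not an option.
    """
    return [HELPER, "--", str(number), text]


if __name__ == "__main__":
    n, t = parse_number("0042"), parse_text('a;b|c<d>"')  # constructed input
    print(to_html(n, t))
    print(to_argv(n, t))
```
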