[OpenSPARC-T2-DV] / tools / src / nas,5.n2.os.2 / lib / python / html / python / lib / cgi-security.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<link rel="STYLESHEET" href="lib.css" type='text/css' />
<link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" />
<link rel='start' href='../index.html' title='Python Documentation Index' />
<link rel="first" href="lib.html" title='Python Library Reference' />
<link rel='contents' href='contents.html' title="Contents" />
<link rel='index' href='genindex.html' title='Index' />
<link rel='last' href='about.html' title='About this document...' />
<link rel='help' href='about.html' title='About this document...' />
<link rel="next" href="node476.html" />
<link rel="prev" href="node474.html" />
<link rel="parent" href="module-cgi.html" />
<link rel="next" href="node476.html" />
<meta name='aesop' content='information' />
<title>11.2.6 Caring about security </title>
</head>
<body>
<DIV CLASS="navigation">
<div id='top-navigation-panel' xml:id='top-navigation-panel'>
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td class='online-navigation'><a rel="prev" title="11.2.5 Functions"
  href="node474.html"><img src='../icons/previous.png'
  border='0' height='32'  alt='Previous Page' width='32' /></A></td>
<td class='online-navigation'><a rel="parent" title="11.2 cgi  "
  href="module-cgi.html"><img src='../icons/up.png'
  border='0' height='32'  alt='Up One Level' width='32' /></A></td>
<td class='online-navigation'><a rel="next" title="11.2.7 Installing your CGI"
  href="node476.html"><img src='../icons/next.png'
  border='0' height='32'  alt='Next Page' width='32' /></A></td>
<td align="center" width="100%">Python Library Reference</td>
<td class='online-navigation'><a rel="contents" title="Table of Contents"
  href="contents.html"><img src='../icons/contents.png'
  border='0' height='32'  alt='Contents' width='32' /></A></td>
<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
  border='0' height='32'  alt='Module Index' width='32' /></a></td>
<td class='online-navigation'><a rel="index" title="Index"
  href="genindex.html"><img src='../icons/index.png'
  border='0' height='32'  alt='Index' width='32' /></A></td>
</tr></table>
<div class='online-navigation'>
<b class="navlabel">Previous:</b>
<a class="sectref" rel="prev" href="node474.html">11.2.5 Functions</A>
<b class="navlabel">Up:</b>
<a class="sectref" rel="parent" href="module-cgi.html">11.2 cgi  </A>
<b class="navlabel">Next:</b>
<a class="sectref" rel="next" href="node476.html">11.2.7 Installing your CGI</A>
</div>
<hr /></div>
</DIV>
<!--End of Navigation Panel-->

<H2><A NAME="SECTION0013260000000000000000"></A><A NAME="cgi-security"></A>
<BR>
11.2.6 Caring about security 
</H2>

<P>
<a id='l2h-3172' xml:id='l2h-3172'></a>
<P>
There's one important rule: if you invoke an external program (via the
<tt class="function">os.system()</tt> or <tt class="function">os.popen()</tt> functions. or others
with similar functionality), make very sure you don't pass arbitrary
strings received from the client to the shell.  This is a well-known
security hole whereby clever hackers anywhere on the Web can exploit a
gullible CGI script to invoke arbitrary shell commands.  Even parts of
the URL or field names cannot be trusted, since the request doesn't
have to come from your form!

<P>
To be on the safe side, if you must pass a string gotten from a form
to a shell command, you should make sure the string contains only
alphanumeric characters, dashes, underscores, and periods.

<P>

<DIV CLASS="navigation">
<div class='online-navigation'>
<p></p><hr />
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td class='online-navigation'><a rel="prev" title="11.2.5 Functions"
  href="node474.html"><img src='../icons/previous.png'
  border='0' height='32'  alt='Previous Page' width='32' /></A></td>
<td class='online-navigation'><a rel="parent" title="11.2 cgi  "
  href="module-cgi.html"><img src='../icons/up.png'
  border='0' height='32'  alt='Up One Level' width='32' /></A></td>
<td class='online-navigation'><a rel="next" title="11.2.7 Installing your CGI"
  href="node476.html"><img src='../icons/next.png'
  border='0' height='32'  alt='Next Page' width='32' /></A></td>
<td align="center" width="100%">Python Library Reference</td>
<td class='online-navigation'><a rel="contents" title="Table of Contents"
  href="contents.html"><img src='../icons/contents.png'
  border='0' height='32'  alt='Contents' width='32' /></A></td>
<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
  border='0' height='32'  alt='Module Index' width='32' /></a></td>
<td class='online-navigation'><a rel="index" title="Index"
  href="genindex.html"><img src='../icons/index.png'
  border='0' height='32'  alt='Index' width='32' /></A></td>
</tr></table>
<div class='online-navigation'>
<b class="navlabel">Previous:</b>
<a class="sectref" rel="prev" href="node474.html">11.2.5 Functions</A>
<b class="navlabel">Up:</b>
<a class="sectref" rel="parent" href="module-cgi.html">11.2 cgi  </A>
<b class="navlabel">Next:</b>
<a class="sectref" rel="next" href="node476.html">11.2.7 Installing your CGI</A>
</div>
</div>
<hr />
<span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span>
</DIV>
<!--End of Navigation Panel-->
<ADDRESS>
See <i><a href="about.html">About this document...</a></i> for information on suggesting changes.
</ADDRESS>
</BODY>
</HTML>
Commit	Line	Data
86530b38 AT	1	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
	2	<html>
	3	<head>
	4	<link rel="STYLESHEET" href="lib.css" type='text/css' />
	5	<link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" />
	6	<link rel='start' href='../index.html' title='Python Documentation Index' />
	7	<link rel="first" href="lib.html" title='Python Library Reference' />
	8	<link rel='contents' href='contents.html' title="Contents" />
	9	<link rel='index' href='genindex.html' title='Index' />
	10	<link rel='last' href='about.html' title='About this document...' />
	11	<link rel='help' href='about.html' title='About this document...' />
	12	<link rel="next" href="node476.html" />
	13	<link rel="prev" href="node474.html" />
	14	<link rel="parent" href="module-cgi.html" />
	15	<link rel="next" href="node476.html" />
	16	<meta name='aesop' content='information' />
	17	<title>11.2.6 Caring about security </title>
	18	</head>
	19	<body>
	20	<DIV CLASS="navigation">
	21	<div id='top-navigation-panel' xml:id='top-navigation-panel'>
	22	<table align="center" width="100%" cellpadding="0" cellspacing="2">
	23	<tr>
	24	<td class='online-navigation'><a rel="prev" title="11.2.5 Functions"
	25	href="node474.html"><img src='../icons/previous.png'
	26	border='0' height='32' alt='Previous Page' width='32' /></A></td>
	27	<td class='online-navigation'><a rel="parent" title="11.2 cgi "
	28	href="module-cgi.html"><img src='../icons/up.png'
	29	border='0' height='32' alt='Up One Level' width='32' /></A></td>
	30	<td class='online-navigation'><a rel="next" title="11.2.7 Installing your CGI"
	31	href="node476.html"><img src='../icons/next.png'
	32	border='0' height='32' alt='Next Page' width='32' /></A></td>
	33	<td align="center" width="100%">Python Library Reference</td>
	34	<td class='online-navigation'><a rel="contents" title="Table of Contents"
	35	href="contents.html"><img src='../icons/contents.png'
	36	border='0' height='32' alt='Contents' width='32' /></A></td>
	37	<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
	38	border='0' height='32' alt='Module Index' width='32' /></a></td>
	39	<td class='online-navigation'><a rel="index" title="Index"
	40	href="genindex.html"><img src='../icons/index.png'
	41	border='0' height='32' alt='Index' width='32' /></A></td>
	42	</tr></table>
	43	<div class='online-navigation'>
	44	<b class="navlabel">Previous:</b>
	45	<a class="sectref" rel="prev" href="node474.html">11.2.5 Functions</A>
	46	<b class="navlabel">Up:</b>
	47	<a class="sectref" rel="parent" href="module-cgi.html">11.2 cgi </A>
	48	<b class="navlabel">Next:</b>
	49	<a class="sectref" rel="next" href="node476.html">11.2.7 Installing your CGI</A>
	50	</div>
	51	<hr /></div>
	52	</DIV>
	53	<!--End of Navigation Panel-->
	54
	55	<H2><A NAME="SECTION0013260000000000000000"></A><A NAME="cgi-security"></A>
	56	<BR>
	57	11.2.6 Caring about security
	58	</H2>
	59
	60	<P>
	61	<a id='l2h-3172' xml:id='l2h-3172'></a>
	62	<P>
	63	There's one important rule: if you invoke an external program (via the
	64	<tt class="function">os.system()</tt> or <tt class="function">os.popen()</tt> functions. or others
65	with similar functionality), make very sure you don't pass arbitrary
66	strings received from the client to the shell. This is a well-known
67	security hole whereby clever hackers anywhere on the Web can exploit a
68	gullible CGI script to invoke arbitrary shell commands. Even parts of
69	the URL or field names cannot be trusted, since the request doesn't
70	have to come from your form!
71
72	<P>
73	To be on the safe side, if you must pass a string gotten from a form
74	to a shell command, you should make sure the string contains only
75	alphanumeric characters, dashes, underscores, and periods.
76
77	<P>
78
79	<DIV CLASS="navigation">
80	<div class='online-navigation'>
81	<p></p><hr />
82	<table align="center" width="100%" cellpadding="0" cellspacing="2">
83	<tr>
84	<td class='online-navigation'><a rel="prev" title="11.2.5 Functions"
85	href="node474.html"><img src='../icons/previous.png'
86	border='0' height='32' alt='Previous Page' width='32' /></A></td>
87	<td class='online-navigation'><a rel="parent" title="11.2 cgi "
88	href="module-cgi.html"><img src='../icons/up.png'
89	border='0' height='32' alt='Up One Level' width='32' /></A></td>
90	<td class='online-navigation'><a rel="next" title="11.2.7 Installing your CGI"
91	href="node476.html"><img src='../icons/next.png'
92	border='0' height='32' alt='Next Page' width='32' /></A></td>
93	<td align="center" width="100%">Python Library Reference</td>
94	<td class='online-navigation'><a rel="contents" title="Table of Contents"
95	href="contents.html"><img src='../icons/contents.png'
96	border='0' height='32' alt='Contents' width='32' /></A></td>
97	<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
98	border='0' height='32' alt='Module Index' width='32' /></a></td>
99	<td class='online-navigation'><a rel="index" title="Index"
100	href="genindex.html"><img src='../icons/index.png'
101	border='0' height='32' alt='Index' width='32' /></A></td>
102	</tr></table>
103	<div class='online-navigation'>
104	<b class="navlabel">Previous:</b>
105	<a class="sectref" rel="prev" href="node474.html">11.2.5 Functions</A>
106	<b class="navlabel">Up:</b>
107	<a class="sectref" rel="parent" href="module-cgi.html">11.2 cgi </A>
108	<b class="navlabel">Next:</b>
109	<a class="sectref" rel="next" href="node476.html">11.2.7 Installing your CGI</A>
110	</div>
111	</div>
112	<hr />
113	<span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span>
114	</DIV>
115	<!--End of Navigation Panel-->
116	<ADDRESS>
117	See <i><a href="about.html">About this document...</a></i> for information on suggesting changes.
118	</ADDRESS>
119	</BODY>
120	</HTML>