> This is very dangerous: > > http://someserver.com/cgi-bin/script.pl?ls%3Brm%20-fr%20%2F%3B > > With that url, you'll be executing the following: > > system("/usr/bin/fms_registration ls;rm -fr /; /usr/bin/fmserverd"); > Curtis thanks for the pointer I am aware that a few changes need to be made for security - the only allowable input will be numbers and a - .
This is a once only install exercise for Filemaker Server it can only be got to by the administrator of the server when they do the install and then the script gets deleted - its one of those secure as it can be areas. If the administrator wants to screw his own box then well he can do it in easier ways this script is already locked away from other areas on the server and as I said is only there while the software is being installed. I just need it to run the command and then go away - I can get it to run a shell script but not this for some reason. Of course if there other better/easier ways t to do this then great let me anyone is welcome to let me know - I don't use perl myself in fact i don't really program as such I build pkg files for Cobalt servers this is the last remaining pain for me in a Filemaker Server pkg. Gavin -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
