On Jun 6, 2009, at 3:09 PM, Bill Bumgarner wrote:
What others haven't mentioned is that it is also a potential security hole or source of confusion for your users. Namely, packing up command lines and then executing sub shells is rife with fragility and security issues.
He's not executing a subshell --- which was the source of the confusion, in fact.
As for fragility ... the tool *is* a published, public, documented API. Apple may ship a system without curl or with a version that behaves differently, but they may do the same thing with code that you link into your own address space (and in fact they do).
It shouldn't be your first resort, but IMHO there's nothing inherently wrong about using extra processes. In this case, using NSURL (or libcurl, if you really like curl) is probably a better approach.
_______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
