On Fri, Mar 26, 2004 at 07:54:01AM +0100, Erik de Mare wrote: > you could use <form> and the the <OPTION value=day>day <OPTION > value=week>week, so that the visitor only can pick 1. and the value is > unchangeable so that it is always in the right format. That only helps you if you can somehow guarantee that nobody will ever send you an HTTP request that originates from something other than your form. This is not generally possible without closed networks and trusted hardware. Anybody can, for example, telnet to port 80 and type "GET http://whatever/cgi-bin/whatever.cgi?BADSTUFF";. That's why, if you care about security at all, you'll always check your inputs for crazy values.
> Koos van den Hout wrote: > > I am playing with some rrd generated graphs, and I'd like to give the > > period (day, week, month, year) as a parameter to the cgi. I'd also like to > > give targets as parameter, but that is secondary. > > > > But, I never trust input from the web to be what I want, or to be safe. So, > > I want to check whether it's day/week/month/year and if it isn't, not even > > try to start rrdgraph. > > > > So, is there a way to check input values in rrdcgi? Or do I need to fall > > back to a perl wrapper? > > > > Koos van den Hout -- Ed Schmollinger - [EMAIL PROTECTED] -- Binary/unsupported file stripped by Ecartis -- -- Err : No filename to use for decode, file stripped. -- Type: application/pgp-signature -- Unsubscribe mailto:[EMAIL PROTECTED] Help mailto:[EMAIL PROTECTED] Archive http://www.ee.ethz.ch/~slist/rrd-users WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
