Andrew,

This is a quick email typed on a phone in an airport, so forgive me for not going too deep.

Basically: don't do it!!!!! The dangers are too big. You should avoid using shell() with anything that comes from user input. If the user chooses a username such as:

" && rm -rf *

And this, on a very unlucky day, is not detected by your security filters and this ends up in a shell() call, all your files are gone.

Shell calls are very powerful and just like Uncle Ben said: "with great power comes great GREAT HACKING ENTRY POINTS AND SCRIPT INJECTION". You should only use them with strings that have no part computed from third parties.

Cheers

--
sent from my Nexus S - android is freedom.
http://andregarzia.com :: all we do is code
http://fon.nu :: minimalist url shortening

On 09/08/2011 04:09, "Andrew Kluthe" <and...@rjdfarm.com> wrote:

> Here is another thing I am wondering about this evening.
>
> I am curious as to how much power the Shell() function in an On-Rev
> configuration has. I'd like to create mySQL databases & users on the fly.
>
> I know the shell() function can run commands for you, but do you think I
> will be able to create mysql databases and users as root?
>
> Has anyone tried this?
>
> Thanks,
>
> Andrew
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
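
The risk described in the reply above, as an added example that is not part of the original thread: Python's subprocess stands in for LiveCode's shell(), a harmless `echo` stands in for the real command, and the name policy and function names are assumptions made for the illustration.

```python
import re
import subprocess

# Assumed policy (not from the thread): a letter first, then letters,
# digits or underscore, 16 characters at most.
SAFE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,15}")


def run_via_shell_string(username):
    """Unsafe pattern: user input concatenated into a command string.

    `echo` stands in for the real command so the demo is harmless.
    """
    cmd = 'echo "creating user ' + username + '"'
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def validate_name(username):
    """Allowlist check: reject anything that is not a plain identifier."""
    if not SAFE_NAME.fullmatch(username):
        raise ValueError("rejected name: %r" % username)
    return username


def run_via_argv(username):
    """Safer pattern: validate, then pass an argument list with no shell."""
    name = validate_name(username)
    done = subprocess.run(["echo", "creating user " + name],
                          capture_output=True, text=True)
    return done.stdout.splitlines()


# Constructed sample input, modelled on the username in the reply above,
# with a harmless `echo` in place of the destructive command.
HOSTILE = 'bob" && echo "INJECTED'

if __name__ == "__main__":
    # Two output lines: the shell treated part of the name as a second command.
    print(run_via_shell_string(HOSTILE))
    print(run_via_argv("bob"))
    try:
        run_via_argv(HOSTILE)
    except ValueError as err:
        print(err)
```

The allowlist is a second layer, not the main control: the argument list is what keeps the name from ever being parsed by a shell.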