Escaping strings to be used in shell commands?
Duncan Booth
duncan at rcp.co.uk
Thu Apr 12 11:00:06 EDT 2001
Gabriel Ambuehl <gabriel_ambuehl-py at buz.ch> wrote in
<mailman.987083178.3026.python-list at python.org>:
> Hello,
> I wonder what is the easiest way to escape user submitted strings so I
> can
> safely use them in os.system() calls. Limiting the allowed chars isn't
> feasible since I want them to use as safe passwords as possible and
> those generally DO consist of special chars. Any good ideas how I
> could solve this?
>
Does it matter what string you actually pass to your system call? If not you
could try passing the user's string through md5 and then
base64.encodestring:
>>> print base64.encodestring(md5.md5('$|\n').digest())[:-3]
8EnSjcXAL7P1V2SKKhbdhA
The process isn't reversible, but since you refer to using the strings as
passwords this may not matter.
More information about the Python-list
mailing list