Calling an application from inside a python script Take 1
Joel Ricker
joejava at dragonat.net
Fri Jan 5 18:19:27 EST 2001
Donn Cave wrote in message <9351o8$8qm$1 at nntp6.u.washington.edu>...
>try that and see what happens? That's an intentionally hostile
>input (don't try it, really.) Accidental input errors might be harmless,
>or might not.
>
>I didn't see anything wrong with the ssh in your initial post, the
>problem was system(). system() + user-supplied input = unpredictable
>results. Use spawnv().
I'm not sure if you are familar with perl but perl has a pragma called Taint
that when enabled prohibits the use of user supplied input until the proper
input is regexed out of it - for example, usernames shouldn't have any
punctuation other than _ or control codes, etc. I'm not sure exactly what
Python has in this regard as this is Day 1 of my Perl Recovery Program (*s*)
but its a mindset worth applying.
Joel
I'd
More information about the Python-list
mailing list