Avoiding shell metacharacters in os.popen
Istvan Albert
ialbert at mailblocks.com
Wed Sep 29 12:52:26 EDT 2004
Nick Craig-Wood wrote:
> Avoiding shell metacharacter attacks is a must for secure programs.
Not passing down commands into a shell is a must for secure programs.
What you should do is recognize a command, identify it as a
valid and allowed one, then call it yourself. If you think that
escaping metacharacters gives you any kind of security you are
deceiving yourself.
Istvan.
More information about the Python-list
mailing list