You wrote:
> Hi
>
> Is this cgi script dangerous? The idea with the script is to let
> the www-user do simple mathematics, but I am afraid they can do
> something dangerous. Is there any difference with Unix or Mac?
>
> Regards
>
> \Claes
>
> $math = $FORM{'calc'};
> $res=eval "$math";
> print <<ENDOFTEXT;
> <html>
> <title>Resultat</title>
> <FORM method=post
> action="matte2.cgi">
> <input type=text size=50 maxlength=60 name="calc" value="$math">
> <input type=submit value="Calculate">
> </FORM>
> <pre>
> The Results
>
> $math = $res
> </pre>
> </html>
> ENDOFTEXT
> 1;
>

There is a hole in your script: the eval() call is really dangerous because if someone guesses that, he could try to give a Perl command as an argument and make something like eval a system() command! :-/

Imagine the effect of something like:

eval "system('rm -r *')";

I think that you could easily imagine all the possibilities...

-------------------------
APERGHIS-TRAMONI Sebastien
World Wide Web : http://www.resus.org/~madingue
E-Mail : madingue@cis.uni-muenchen.de (madingue@tango.resus.univ-mrs.fr)
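One way to close the hole described in the reply, as an added example that is not part of the original thread: tokenize the form value against a fixed arithmetic grammar and compute the result with a small recursive-descent parser, so the input is never passed to string eval. The names safe_calc, _expr, _term and _atom are hypothetical, and the sample inputs are constructed.

```perl
use strict;
use warnings;

# Added example: + - * / and parentheses only; anything else is rejected.
sub safe_calc {
    my ($input) = @_;
    die "input too long\n" if length($input) > 60;   # form maxlength, enforced server-side
    my @tok;
    push @tok, $1 while $input =~ /\G\s*(\d+(?:\.\d+)?|[-+*\/()])/gc;
    die "illegal character\n" unless $input =~ /\G\s*\z/;   # leftover text is not arithmetic
    my $val = _expr(\@tok);
    die "syntax error\n" if @tok;                    # tokens left over after a full expression
    return $val;
}
sub _expr {                                          # expr := term (('+'|'-') term)*
    my ($t) = @_;
    my $v = _term($t);
    while (@$t && $t->[0] =~ /^[-+]$/) {
        my $op = shift @$t;
        $v = $op eq '+' ? $v + _term($t) : $v - _term($t);
    }
    return $v;
}
sub _term {                                          # term := atom (('*'|'/') atom)*
    my ($t) = @_;
    my $v = _atom($t);
    while (@$t && $t->[0] =~ /^[*\/]$/) {
        my $op = shift @$t;
        my $r  = _atom($t);
        die "division by zero\n" if $op eq '/' && $r == 0;
        $v = $op eq '*' ? $v * $r : $v / $r;
    }
    return $v;
}
sub _atom {                                          # atom := number | '-' atom | '(' expr ')'
    my ($t) = @_;
    defined(my $tok = shift @$t) or die "syntax error\n";
    return $tok + 0 if $tok =~ /^\d/;
    return 0 - _atom($t) if $tok eq '-';
    die "syntax error\n" unless $tok eq '(';
    my $v = _expr($t);
    die "missing ')'\n" unless @$t && shift(@$t) eq ')';
    return $v;
}

# Constructed sample inputs; in the CGI the value would come from $FORM{'calc'}.
for my $in ('2 + 3 * (4 - 1)', "system('rm -r *')") {
    my $res = eval { safe_calc($in) };               # block eval only traps die, it runs no input
    print defined $res ? "$in = $res\n" : "rejected: $@";
}
```

The first input prints 11; the second is rejected at the tokenizer with "illegal character" and is never executed.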