Nicolas Le Clerc <nleclerc@pobox.com> writes:
}
}On a Unix machine, with no more than three successive alphabetic
}characters you can still do:
}
}    `rm -rf /`;
}
}Even if your script is not running as root, this won't do much good to
}your machine.

On any Unix machine where the admin has half a clue, the web server is running chrooted and with a uid of "nobody" or equivalent. There's a limit to the damage that can be done. I don't have much interest in or experience with Mac webservers (I run NetPresenz on my Mac just for kicks), but I believe they also don't permit mucking around outside the folder in which they are placed (the equivalent of chroot), and are running as "Guest". Not that I think that running a CGI that does arbitrary evals is a good idea (it's a terrible idea), but it's not like posting the root password ...

}
}Nicolas
}
}--
}Nicolas LE CLERC
}<mailto:nleclerc@pobox.com>
}<finger:nleclerc@pobox.com>
}
}

---
Paul J. Schinder
NASA Goddard Space Flight Center
Code 693, Greenbelt, MD 20771
schinder@pjstoaster.pg.md.us