Use LaTeX formatted equations in Keynote
That /tmp/ stuff is a fair comment. I was aware of the ARGV thing but I wouldn't call that a security problem myself. Just did this to get stuff working and was hoping someone here would make it nicer.
Use LaTeX formatted equations in Keynote
You don't consider something like this a security issue? This is essentially what your code does:
Now, if the script was named foo.pl and called like:
Use LaTeX formatted equations in Keynote
(Sorry for reposting this, the > was un-entitized when I previewed and cut off some of post.. seems like a bug)
You don't consider something like this a security issue? This is essentially what your code does:
Now, if the script was named foo.pl and called like:
I'd get your passwd file. Or, perform whatever (multiple) shell functions I can with the permissions of the script. That's a security issue, and a basic one. I appreciate that you posted a hint, don't get me wrong... but too many times people take code from hint sites and use them, not knowing the danger that can be caused. Code with glaring security holes shouldn't be posted.. in my opinion :)
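An added example, not code from the original hint or from any poster in this thread. The hint's script is not reproduced on this page, so this assumes only the general pattern the comment above describes: a Perl script that interpolates a command-line argument into a single-string shell command. `run_via_shell`, `run_without_shell`, `safe_filename` and the sample argument are hypothetical names and constructed values.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample argument: a filename followed by a shell metacharacter
# and a harmless second command, standing in for what a caller could pass.
my $arg = 'equation.tex; echo INJECTED';

# Vulnerable pattern: backticks (like single-string system()) hand the whole
# string to /bin/sh, so the ';' ends the intended command and starts another.
sub run_via_shell {
    my ($file) = @_;
    return `echo processing $file`;
}

# Hardened pattern: the list form of open() executes the program directly,
# with no shell involved. The argument arrives as one argv entry and the
# ';' is just a character in it.
sub run_without_shell {
    my ($file) = @_;
    open(my $out, '-|', 'echo', 'processing', $file)
        or die "cannot run echo: $!";
    local $/;                      # slurp all output at once
    my $text = <$out>;
    close($out);
    return $text;
}

# Defence in depth: accept only names made of an explicit allowlist of
# characters, and reject a leading '-' so the name cannot be read as an option.
sub safe_filename {
    my ($file) = @_;
    return $file =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ ? 1 : 0;
}

print "via shell:     ", run_via_shell($arg);
print "without shell: ", run_without_shell($arg);
print "allowlisted:   ", (safe_filename($arg) ? "yes" : "no"), "\n";
```

The same list-form rule applies to `system()` and `exec()`: passing the program and its arguments as separate list elements keeps the shell out of the call.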
Use LaTeX formatted equations in Keynote
The reason I don't consider that a security issue is that if you've got access to perl and the command prompt anyway you can just get the file without faffing around with my script.
Use LaTeX formatted equations in Keynote
That would be a security issue IF the script were being called from the Web or an unprivileged environment.
Use LaTeX formatted equations in Keynote
You people are missing the point. The script is being posted on a "hints" site, and it is not secure. If it is on a multi-user environment, it can be dangerous. This isn't rocket science, it is Security 101. Posting insecure scripts on a 'hints' site is plain wrong. Period.