[ale] OT - looking for some guidance with a perl script

F. Grant Robertson f.g.robertson at alexiongroup.com
Mon Apr 21 08:27:00 EDT 2003


Jim,
A regexp would probably be good enough.. 

$path =~ s/..\///sg;

something like that, you could refine it for your particular level of paranoia.. 

Someone will probably have a better answer but, that's how I'd handle it

-G

"No, I don't think your paranoid, just the opposite. I think you have these insane delusions that everyone really likes you." - Woody Allen



-----Original Message-----
From: ale-admin at ale.org [mailto:ale-admin at ale.org]On Behalf Of Jim Lynch
To: ale at ale.org
Sent: Monday, April 21, 2003 8:02 AM
To: Ale
Subject: [ale] OT - looking for some guidance with a perl script

What I'm trying to figure out is how to prevent someone from getting to
all the files on the system by adding /.. to the path or something else
more devious.  Now I could crack the path and look for a .. element or I
could store all the possible paths in a database an use a key to access
them.  I'm not sure there might not still be a security problem with the
first option and the second option seems to be overkill, besides,
displaying the path will be beneficial to the user.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.474 / Virus Database: 272 - Release Date: 4/18/2003

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list