<div class="gmail_quote">Now I found another question, if I want to get the output of some grass command,so can I still use the grass batch job manner?<br><div class="gmail_quote"><br></div><div class="gmail_quote">2010/3/3 maven apache <span dir="ltr"><<a href="mailto:apachemaven0@gmail.com" target="_blank">apachemaven0@gmail.com</a>></span><div>
<div></div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>Hi:<br>I found that the grassBatchJob is so excited that I like it,however I wonder that each time a user who want to run grass in my web application have to write a .sh file and then call the grass with the BATCH_JOB may cause low effectivity? after all, this is realated the IO operation, isn't it?<br>
<div class="gmail_quote">2010/3/3 Hamish <span dir="ltr"><<a href="mailto:hamish_b@yahoo.com" target="_blank">hamish_b@yahoo.com</a>></span><div><div></div><div><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
... and if *any* user editable inputs will be visible from the web side of<br>
the app make 100% sure that you have bounds checked and sanitized every<br>
single one of them. Stripping all punctuation and limiting the string length<br>
before passing as a module option is a good first step.<br>
<br>
I've no idea about java but with unix power tools pipe it through<br>
`cut -b 255 | sed -e 's/[^a-zA-Z0-9_]//g'`<br>
<br>
to only keep the first 255 chars, and only keep a-z, A-Z, 0-9, and the<br>
underscore "_".<br>
<br>
<br>
there are chances for buffer overflows and unquoted shell script variables<br>
all over the place.<br>
<font color="#888888"><br>
<br>
Hamish<br>
<br>
<br>
<br>
<br>
</font></blockquote></div></div></div><br>
</blockquote></div></div></div><br>
</div><br>