[GRASS-user] grass env

maven apache apachemaven0 at gmail.com
Wed Mar 3 00:23:10 EST 2010


Hi:
I found that the grassBatchJob is so exciting that I like it; however, I wonder
if each time a user who wants to run grass in my web application has to
write a .sh file and then call grass with the BATCH_JOB, this may cause low
efficiency? After all, this is related to the IO operation, isn't it?

2010/3/3 Hamish <hamish_b at yahoo.com>

> ... and if *any* user editable inputs will be visible from the web side of
> the app make 100% sure that you have bounds checked and sanitized every
> single one of them. Stripping all punctuation and limiting the string length
> before passing as a module option is a good first step.
>
> I've no idea about Java but with unix power tools pipe it through
>  `cut -b 1-255 | sed -e 's/[^a-zA-Z0-9_]//g'`
>
> to only keep the first 255 chars, and only keep a-z, A-Z, 0-9, and the
> underscore "_".
>
>
> There are chances for buffer overflows and unquoted shell script variables
> all over the place.
>
>
> Hamish
>
>
>
>
>
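
Added example (not part of the original post and not GRASS code): the truncate-then-allowlist filter described in the quoted reply, written as a POSIX shell function that a batch job script could call before building a module option. The function names, the `map` option key and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Allowlist filter for web-supplied values that end up as module options.
MAX_LEN=255

# sanitize_opt VALUE
# Prints VALUE reduced to its first MAX_LEN bytes with every byte outside
# [a-zA-Z0-9_] removed. Returns 1 when nothing usable is left.
sanitize_opt() {
    # Newlines are dropped first because cut and sed work line by line;
    # otherwise each line of a multi-line value would keep MAX_LEN bytes.
    # LC_ALL=C keeps the ranges byte-exact, so non-ASCII letters are stripped.
    so_clean=$(printf '%s' "$1" \
        | LC_ALL=C tr -d '\n\r' \
        | LC_ALL=C cut -b "1-$MAX_LEN" \
        | LC_ALL=C sed -e 's/[^a-zA-Z0-9_]//g')
    [ -n "$so_clean" ] || return 1
    printf '%s\n' "$so_clean"
}

# build_option KEY VALUE
# KEY is chosen by the developer, VALUE comes from the web form.
# Prints KEY=cleaned_value, or returns 1 if the value is rejected.
build_option() {
    bo_val=$(sanitize_opt "$2") || return 1
    printf '%s=%s\n' "$1" "$bo_val"
}

# Constructed sample inputs. Every expansion is double-quoted so the raw
# value is never word-split or re-parsed by the shell.
for raw in 'dem_10m' 'dem_10m; echo pwned' '$(id)' ';;;'; do
    if opt=$(build_option map "$raw"); then
        printf 'accepted: %s\n' "$opt"
    else
        printf 'rejected: %s\n' "$raw"
    fi
done
```

The byte range must be written `1-255`: `cut -b 255` selects only byte 255 and discards the rest of the value.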