[GRASS-user] grass env
maven apache
apachemaven0 at gmail.com
Wed Mar 3 08:52:35 EST 2010
Now I found another question, if I want to get the output of some grass
command,so can I still use the grass batch job manner?
2010/3/3 maven apache <apachemaven0 at gmail.com>
> Hi:
> I found that the grassBatchJob is so excited that I like it,however I
> wonder that each time a user who want to run grass in my web application
> have to write a .sh file and then call the grass with the BATCH_JOB may
> cause low effectivity? after all, this is realated the IO
> operation, isn't it?
> 2010/3/3 Hamish <hamish_b at yahoo.com>
>
> ... and if *any* user editable inputs will be visible from the web side of
>> the app make 100% sure that you have bounds checked and sanitized every
>> single one of them. Stripping all punctuation and limiting the string
>> length
>> before passing as a module option is a good first step.
>>
>> I've no idea about java but with unix power tools pipe it through
>> `cut -b 255 | sed -e 's/[^a-zA-Z0-9_]//g'`
>>
>> to only keep the first 255 chars, and only keep a-z, A-Z, 0-9, and the
>> underscore "_".
>>
>>
>> there are chances for buffer overflows and unquoted shell script variables
>> all over the place.
>>
>>
>> Hamish
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/grass-user/attachments/20100303/544ddebe/attachment.html
More information about the grass-user
mailing list