Recently I am building a web service that user input will be used to run a bash command on the server side. What are the security problem I need to take care? Right now I find one that user could submit things include pipe like "valid thing | something bad" and my server did run that "something bad"! I mainly use nodejs and exec from shelljs to build the server.
Aucun commentaire:
Enregistrer un commentaire