Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Surely if your command line is tainted then you have bigger problems?


people often have websites that take some parameters and then pass them to grep or whatever, in the exact same way that they pass parameters that came from the user to an SQL engine.

As long as its data, no problem...

Injection attacks are injection attacks.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: