[nycphp-talk] escapeshellcmd stupidity?
ajai at bitblit.net
Sat Jan 3 01:15:58 EST 2009
On Fri, 2 Jan 2009, Allen Shaw wrote:
> I have a shell script that manages my todo list, and I'd like to access
> it through the Web as well, for convenience when I'm traveling. ssh is
> not ideal here, since Web gives me access from any machine without
> downloading PuTTY, for example. Basic auth seems enough to protect my
> todo list from abuse
Unless you're using HTTPS, that security is not sufficient since your
password will be sent as clear text across an open network...
More information about the talk