NYCPHP Meetup

[nycphp-talk] escapeshellcmd stupidity?

Ajai Khattri ajai at bitblit.net
Sat Jan 3 01:15:58 EST 2009


On Fri, 2 Jan 2009, Allen Shaw wrote:

> I have a shell script that manages my todo list, and I'd like to access 
> it through the Web as well, for convenience when I'm traveling.  ssh is 
> not ideal here, since Web gives me access from any machine without 
> downloading PuTTY, for example.  Basic auth seems enough to protect my 
> todo list from abuse

Unless you're using HTTPS, that security is not sufficient since your 
password will be sent as clear text across an open network...


-- 
Aj.




More information about the talk mailing list