Avoiding shell metacharacters in os.popen
ialbert at mailblocks.com
Wed Sep 29 18:52:26 CEST 2004
Nick Craig-Wood wrote:
> Avoiding shell metacharacter attacks is a must for secure programs.
Not passing down commands into a shell is a must for secure programs.
What you should do is recognize a command, identify it as a
valid and allowed one, then call it yourself. If you think that
escaping metacharacters gives you any kind of security you are
More information about the Python-list