  1. #1

    apache cgi script /dev/stdin

    I'm writing a number of CGI scripts and applications that use /dev/stdin to pipe their input from an HTML form using the POST method. I'm under the impression that since POST uses stdin instead of an environment variable, it can handle data streams more efficiently than the GET method.

    Are there any known buffer over-runs, exploits, or other liabilities that I should be aware of when using this method (not including whatever my scripts and apps are up to of course)? Any advice will be much appreciated.

  2. #2

    Get and Post

    The main difference between the two is that GET can only supply a small
    amount of information, sometimes only 256 bytes, whereas POST is unlimited
    unless you set a limit.
    The main thing to keep in mind is that you can't trust any information supplied
    by a user. If you ask for an email address, your script must check that it is only
    an email address and not an email address followed by a command to email the
    server's password file. If you ask for some text then you need to consider what
    to do if that text contains HTML or JavaScript. Most script language manuals have
    a chapter on security - read it carefully. Don't keep any essential information
    in hidden fields in your html forms. Hidden fields aren't displayed but they can
    be altered.
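
The checks discussed in this thread, as an added example that is not part of either post: a CGI-style handler that caps the POST body, reads exactly `CONTENT_LENGTH` bytes from stdin, accepts an email field only if it is an address and nothing else, and escapes free text before it is echoed. Python, the 8 KiB cap, and the field names `email` and `comment` are assumptions made for illustration.

```python
import html
import io
import re
from urllib.parse import parse_qs

MAX_BODY = 8192  # assumed cap: POST is unlimited unless the script sets one
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def read_post_body(environ, stdin):
    """Read exactly CONTENT_LENGTH bytes from stdin; reject oversized bodies."""
    if environ.get("REQUEST_METHOD") != "POST":
        raise ValueError("POST required")
    raw_len = environ.get("CONTENT_LENGTH", "")
    if not re.fullmatch(r"[0-9]{1,9}", raw_len):
        raise ValueError("missing or malformed CONTENT_LENGTH")
    length = int(raw_len)
    if length > MAX_BODY:
        raise ValueError("body too large")
    body = stdin.read(length)  # never read to EOF: the server may not close stdin
    if len(body) != length:
        raise ValueError("truncated body")
    return body


def validate_form(body):
    """Parse a urlencoded body and return only checked, output-safe values."""
    fields = parse_qs(body.decode("utf-8"), keep_blank_values=True,
                      strict_parsing=True, max_num_fields=10)
    email = fields.get("email", [])
    comment = fields.get("comment", [""])
    if len(email) != 1 or len(comment) != 1:
        raise ValueError("missing or duplicated field")
    # fullmatch: the value must be an address with nothing trailing after it
    if len(email[0]) > 254 or not EMAIL_RE.fullmatch(email[0]):
        raise ValueError("invalid email")
    # Escape before the text is ever echoed into an HTML page
    return {"email": email[0], "comment_html": html.escape(comment[0])}


def demo():
    # Constructed sample request, standing in for what Apache passes a CGI script
    body = b"email=user%40example.com&comment=%3Cb%3Ehi%3C%2Fb%3E"
    env = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(body))}
    return validate_form(read_post_body(env, io.BytesIO(body)))


if __name__ == "__main__":
    print(demo())
```

In a real CGI script the same functions would be called with `os.environ` and `sys.stdin.buffer`.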
