Danger Will Robinson
Posted by Rick DeNatale Thu, 05 Oct 2006 15:23:00 GMT
Ruby has a nifty method in Kernel called open. It’s quite powerful in the way it interprets its first argument, a string telling it what to open. It can open a file, or it can open a pipe to a sub-process it creates to run a command in that string. It takes quite a bit of documentation to describe. Perl’s open function has a similar interpretation of its first argument. Again, it takes quite a bit of documentation to describe.
Which is a cause for concern. Most things that powerful can be misused.
I use an application called Awstats to get statistics on my websites. Awstats is a very popular application which is written in Perl.
But I long ago disallowed access to Awstats from the outside world after I found that my system had been compromised by a bad guy exploiting Perl’s open function.
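One way to keep an untrusted string away from the command-running side of Ruby's open, as an added example that is not code from the original post: always go through File.open, which treats its argument only as a file name. The helper name `safe_read`, the error class, the sample file and the base-directory confinement (which goes beyond what the post describes) are assumptions made for illustration.

```ruby
require "tmpdir"

class UnsafePathError < StandardError; end

# Hypothetical helper (not from the post): read +name+, treating it strictly
# as a file name located inside +base_dir+.
def safe_read(base_dir, name)
  name = String(name)
  # Kernel#open treats a leading "|" as "run this command"; refuse such names.
  raise UnsafePathError, "pipe-style name rejected" if name.lstrip.start_with?("|")
  raise UnsafePathError, "NUL byte in name" if name.include?("\0")

  base = File.realpath(base_dir)
  full = File.expand_path(name, base)
  # Lexical confinement check; symlinks inside base_dir are not resolved here.
  unless full.start_with?(base + File::SEPARATOR)
    raise UnsafePathError, "path escapes #{base}"
  end

  # File.open never interprets its argument as a command.
  File.open(full, "r") { |f| f.read }
end

# Runs the helper over constructed sample inputs and returns the outcomes.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "report.txt"), "hits: 42\n")
    results = { ok: safe_read(dir, "report.txt") }
    ["| echo constructed", "../outside.txt"].each do |bad|
      begin
        safe_read(dir, bad)
        results[bad] = :opened
      rescue UnsafePathError => e
        results[bad] = e.message
      end
    end
    results
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```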