Eric Butera wrote:
>> Why is it a security concern to execute another bit of code?
>> I really fail to see any security concern in doing e.g.
>>
>> exec('gzip -c /tmp/myinputfile')
>>
>
> In the real world would that be your exact usage? Would the file to
> be compressed be a variable by chance?
I think in the context of this thread, the file to be compressed would
likely be a temporary file with a generated temporary name, so yes, the
filename would be held in a variable.
/Per Jessen, Zürich
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
