Allowing users to execute operating system commands generally creates more problems than it solves. Anything that can be done via operating system commands can usually be done via a language's native SDK.
Therefore, our first suggestion is to avoid using OS commands in the first place.
However, if the application requires running OS commands with user-controlled data, here are some security suggestions.
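
For the first suggestion above (avoiding OS commands altogether), here is an added example that is not part of the original page: a Python function that replaces a shell `tar` invocation with the standard-library `tarfile` module. The function name, directory layout and sample input are assumptions made for illustration.

```python
"""Added example: native-SDK replacement for `tar czf out.tgz <user_dir>`."""
import tarfile
import tempfile
from pathlib import Path

# Pattern the text advises against (shown for contrast, never executed here):
#   subprocess.run("tar czf /tmp/out.tgz " + user_dir, shell=True)
# user_dir reaches a shell, so metacharacters in it are parsed as syntax.


def archive_user_dir(base: Path, user_dir: str, out_path: Path) -> list[str]:
    """Archive base/user_dir with tarfile: no child process, no shell.

    Returns the member names written. Raises ValueError when user_dir
    resolves outside base, because a native API removes command injection
    but not path traversal.
    """
    base = base.resolve()
    target = (base / user_dir).resolve()
    if not target.is_relative_to(base):
        raise ValueError("directory escapes the base folder")
    if not target.is_dir():
        raise ValueError("not a directory")
    with tarfile.open(out_path, "w:gz") as tar:
        tar.add(target, arcname=target.name)
    with tarfile.open(out_path, "r:gz") as tar:
        return sorted(tar.getnames())


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "uploads"  # hypothetical upload root
        # Constructed sample input: a name containing shell metacharacters.
        name = "q1 reports; echo injected"
        (base / name).mkdir(parents=True)
        (base / name / "q1.txt").write_text("constructed sample\n")
        out = Path(tmp) / "out.tgz"
        members = archive_user_dir(base, name, out)  # treated as a literal name
        try:
            archive_user_dir(base, "../", out)
            traversal_blocked = False
        except ValueError:
            traversal_blocked = True
        return {"members": members, "traversal_blocked": traversal_blocked}


if __name__ == "__main__":
    print(demo())
```

The semicolon in the directory name ends up inside the archive as part of a file name, because no shell ever parses it.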