11 lines
413 B
Plaintext
Allowing users to execute operating system commands generally creates more
problems than it solves.

Anything that can be done via operating system commands can usually be done via
a language's native SDK. +
Therefore, our first suggestion is to avoid using OS commands in the first
place. +
However, if the application requires running OS commands with user-controlled
data, here are some security suggestions.
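
The first suggestion above, as an added example that is not part of the original text: a hypothetical archive helper written once through the shell and once with Python's standard `tarfile` module. The function names, the directory layout and the path-confinement check are assumptions made for this illustration.

```python
import subprocess
import tarfile
import tempfile
from pathlib import Path


def archive_with_shell(base: Path, name: str, out: Path) -> None:
    """Noncompliant: `name` is parsed by /bin/sh, so shell metacharacters in
    it are interpreted as syntax. Shown for contrast only; never called."""
    subprocess.run(f"tar -czf {out} -C {base} {name}", shell=True, check=True)


def archive_native(base: Path, name: str, out: Path) -> list[str]:
    """Compliant: the standard library builds the archive in-process, so
    `name` is only ever data. Returns the archived member names."""
    base = base.resolve()
    target = (base / name).resolve()
    # Path confinement is an extra check assumed here, not stated on the page.
    if not target.is_relative_to(base) or not target.is_dir():
        raise ValueError(f"not a folder under {base}: {name!r}")
    with tarfile.open(out, "w:gz") as tar:
        tar.add(target, arcname=target.name)
    with tarfile.open(out, "r:gz") as tar:
        return sorted(tar.getnames())


def demo() -> tuple[list[str], bool]:
    """Run against a constructed temporary tree; no real data is touched."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "uploads"
        (base / "reports").mkdir(parents=True)
        (base / "reports" / "q1.txt").write_text("constructed sample\n")
        members = archive_native(base, "reports", Path(tmp) / "ok.tgz")
        # Constructed input: with no shell involved this is just an odd
        # folder name that does not exist, so the request is refused.
        rejected = False
        try:
            archive_native(base, "reports; echo injected", Path(tmp) / "bad.tgz")
        except ValueError:
            rejected = True
        return members, rejected


if __name__ == "__main__":
    print(demo())
```
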