<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>11.2.5 Caring about security</title>
<META NAME="description" CONTENT="11.2.5 Caring about security">
<META NAME="keywords" CONTENT="lib">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="STYLESHEET" href="lib.css" tppabs="http://www.python.org/doc/current/lib/lib.css">
<LINK REL="next" HREF="node244.html" tppabs="http://www.python.org/doc/current/lib/node244.html">
<LINK REL="previous" href="Functions_in_cgi_module.html" tppabs="http://www.python.org/doc/current/lib/Functions_in_cgi_module.html">
<LINK REL="up" href="module-cgi.html" tppabs="http://www.python.org/doc/current/lib/module-cgi.html">
</head>
<body>
<DIV CLASS="navigation"><table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td><A href="Functions_in_cgi_module.html" tppabs="http://www.python.org/doc/current/lib/Functions_in_cgi_module.html"><img src="previous.gif" tppabs="http://www.python.org/doc/current/icons/previous.gif" border="0" height="32"
alt="Previous Page" width="32"></A></td>
<td><A href="module-cgi.html" tppabs="http://www.python.org/doc/current/lib/module-cgi.html"><img src="up.gif" tppabs="http://www.python.org/doc/current/icons/up.gif" border="0" height="32"
alt="Up One Level" width="32"></A></td>
<td><A HREF="node244.html" tppabs="http://www.python.org/doc/current/lib/node244.html"><img src="next.gif" tppabs="http://www.python.org/doc/current/icons/next.gif" border="0" height="32"
alt="Next Page" width="32"></A></td>
<td align="center" width="100%">Python Library Reference</td>
<td><A href="contents.html" tppabs="http://www.python.org/doc/current/lib/contents.html"><img src="contents.gif" tppabs="http://www.python.org/doc/current/icons/contents.gif" border="0" height="32"
alt="Contents" width="32"></A></td>
<td><a href="modindex.html" tppabs="http://www.python.org/doc/current/lib/modindex.html" title="Module Index"><img src="modules.gif" tppabs="http://www.python.org/doc/current/icons/modules.gif" border="0" height="32"
alt="Module Index" width="32"></a></td>
<td><A href="genindex.html" tppabs="http://www.python.org/doc/current/lib/genindex.html"><img src="index.gif" tppabs="http://www.python.org/doc/current/icons/index.gif" border="0" height="32"
alt="Index" width="32"></A></td>
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="Functions_in_cgi_module.html" tppabs="http://www.python.org/doc/current/lib/Functions_in_cgi_module.html">11.2.4 Functions</A>
<b class="navlabel">Up:</b> <a class="sectref" href="module-cgi.html" tppabs="http://www.python.org/doc/current/lib/module-cgi.html">11.2 cgi </A>
<b class="navlabel">Next:</b> <a class="sectref" HREF="node244.html" tppabs="http://www.python.org/doc/current/lib/node244.html">11.2.6 Installing your CGI</A>
<br><hr></DIV>
<!--End of Navigation Panel-->
<H2><A NAME="SECTION0013250000000000000000">
11.2.5 Caring about security</A>
</H2>
<P>
There's one important rule: if you invoke an external program (e.g.
via the <tt class="function">os.system()</tt> or <tt class="function">os.popen()</tt> functions),
make very sure you don't pass arbitrary strings received from the
client to the shell. This is a well-known security hole whereby
clever hackers anywhere on the web can exploit a gullible CGI script
to invoke arbitrary shell commands. Even parts of the URL or field
names cannot be trusted, since the request doesn't have to come from
your form!
<P>
To be on the safe side, if you must pass a string gotten from a form
to a shell command, you should make sure the string contains only
alphanumeric characters, dashes, underscores, and periods.
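<P>
The rule above as a runnable check, added here as an illustration and not part of the Python Library Reference. The names <tt class="function">is_safe_field()</tt> and <tt class="function">run_with_field()</tt> are hypothetical, and the child process is a stand-in (the Python interpreter echoing its argument) for whatever external program a script would call.

```python
import re
import subprocess
import sys

# Allow-list from the text above: ASCII letters, digits, dash, underscore, period.
_ALLOWED = re.compile(r"[A-Za-z0-9._-]+")


def is_safe_field(value):
    """Return True only if the whole string consists of allowed characters.

    fullmatch() is used rather than match() with '$', because '$' also
    matches just before a trailing newline and would accept "name\\n".
    The explicit ASCII class avoids \\w, which also matches non-ASCII letters.
    """
    return isinstance(value, str) and _ALLOWED.fullmatch(value) is not None


def run_with_field(value):
    """Validate a form value, then hand it to a child process as one argument.

    The child is a stand-in (assumption): this interpreter writing argv[1]
    back to stdout. A real script would name its own program here.
    """
    if not is_safe_field(value):
        raise ValueError("rejected form value: %r" % (value,))
    # A list argv with the default shell=False means no shell parses the
    # value, unlike os.system("prog " + value) or os.popen("prog " + value).
    argv = [sys.executable, "-c",
            "import sys; sys.stdout.write(sys.argv[1])", value]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real request.
    for sample in ["report-2024_v1.txt", "a b", "a;b", "a|b", "name\n", ""]:
        try:
            print(repr(sample), "->", repr(run_with_field(sample)))
        except ValueError as exc:
            print(repr(sample), "->", exc)
```

A value that passes this check can still begin with a dash or be <tt>..</tt>; whether that matters depends on how the receiving program interprets its arguments.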
<P>
<ADDRESS>
<hr>See <i><a href="about.html" tppabs="http://www.python.org/doc/current/lib/about.html">About this document...</a></i> for information on suggesting changes.
</ADDRESS>
</BODY>
</HTML>