[sword-devel] diatheke security

Daniel Glassey dglassey at gmail.com
Wed Feb 7 01:51:53 MST 2007


On 07/02/07, Linas S. <mail at operis.org> wrote:
> Hello,
>
> I am trying to make an online Bible script using diatheke. I have a problem: security.
> Users can put anything in a search box on the web page, e.g.:
> Jesus;ls /etc
> If I run a command such as:
> diatheke -b KJV -s phrase -k Jesus; ls /etc
> I will get a listing of the /etc directory.
> I could check user input for characters other than letters a - z, but
> users can enter Greek text or Hebrew.
> Is there any "safe" way of using diatheke?

You should quote the search key like the Perl CGI script does (iirc),
e.g. diatheke -b KJV -s phrase -k 'Jesus; ls /etc'

Regards,
Daniel
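
Added example, not part of the original thread and not code from the SWORD project: a Python sketch of the two safe ways to hand a user-supplied key to diatheke, either with no shell at all or with every argument quoted, including keys that contain an apostrophe or Greek text. Python is an assumed choice (the thread does not say what the web script is written in), and `STAND_IN` is a hypothetical replacement for the diatheke binary that returns the last argument it received, so the example runs offline.

```python
import shlex
import subprocess
import sys

# Stand-in for the diatheke binary (assumption, so this runs offline): it
# writes back the last argument it received, i.e. what -k would be given.
STAND_IN = (sys.executable, "-c",
            "import sys; sys.stdout.buffer.write(sys.argv[-1].encode('utf-8'))")


def diatheke_argv(key, module="KJV", program=("diatheke",)):
    """Build the argument vector; the search key is always exactly one item."""
    if not key or "\x00" in key:
        raise ValueError("empty search key or NUL byte")
    return [*program, "-b", module, "-s", "phrase", "-k", key]


def run_without_shell(key, program=STAND_IN):
    """Preferred: no shell parses the key, so ; | ' $ are ordinary characters."""
    argv = diatheke_argv(key, program=program)
    done = subprocess.run(argv, capture_output=True, encoding="utf-8", check=True)
    return done.stdout


def shell_command(key, program=STAND_IN):
    """If a shell string is unavoidable, quote every argument, not just the key."""
    return " ".join(shlex.quote(arg) for arg in diatheke_argv(key, program=program))


def run_with_shell(key, program=STAND_IN):
    """Same call through /bin/sh, relying on shlex.quote for each argument."""
    done = subprocess.run(shell_command(key, program=program), shell=True,
                          capture_output=True, encoding="utf-8", check=True)
    return done.stdout


if __name__ == "__main__":
    # Constructed sample keys: the one from the thread, an apostrophe, Greek.
    for key in ("Jesus; ls /etc", "Peter's wife", "Ἰησοῦς"):
        assert run_without_shell(key) == key
        assert run_with_shell(key) == key
        print(shell_command(key, program=("diatheke",)))
```

Wrapping the key in plain single quotes by hand stops working as soon as the key itself contains a single quote, which is why the shell variant uses `shlex.quote` and the preferred variant avoids the shell entirely.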


