[Biopython-dev] [Bug 2508] NCBIStandalone.blastall: provide support for '-F F' and make it safe
bugzilla-daemon at portal.open-bio.org
Thu Jun 5 11:03:27 UTC 2008
http://bugzilla.open-bio.org/show_bug.cgi?id=2508
------- Comment #1 from biopython-bugzilla at maubp.freeserve.co.uk 2008-06-05 07:03 EST -------
You seem to have identified two issues. Adding support for -F should be fairly
easy.
For the security issue, the caller should be validating their input. Also if
running from a web-server, the permissions should also be restricted - failing
to do this is asking for trouble.
However, defence in layers would be good. Would you suggest a simple check for
the ";" character? What about escaped semi-colons? Also this is a platform
dependent issue. The ";" character is Unix only. At the Windows command line
you have to use an &&.
Do you have a patch in mind?
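A layered defence for the question raised in this comment does not need a per-platform list of separator characters: if blastall receives an argument list and no shell is involved, ";" and "&&" are ordinary data on Unix and Windows alike. The following is an added example, not Biopython's code and not a patch from this bug; `build_blastall_argv`, `run_without_shell` and `argv_seen_by_child` are hypothetical names, the program allow-list is an assumption, and the sample values are constructed.

```python
import subprocess
import sys

# Assumed allow-list of values accepted for blastall's -p option.
ALLOWED_PROGRAMS = {"blastn", "blastp", "blastx", "tblastn", "tblastx"}


def build_blastall_argv(blastcmd, program, database, infile, filter_query=True):
    """Return an argv list for blastall; each value is exactly one argument."""
    if program not in ALLOWED_PROGRAMS:
        raise ValueError("unknown BLAST program: %r" % (program,))
    for name, value in (("database", database), ("infile", infile)):
        # A leading '-' would be read by blastall as another option, and a
        # NUL byte cannot be carried in a process argument at all.
        if not value or value.startswith("-") or "\x00" in value:
            raise ValueError("bad %s: %r" % (name, value))
    # -F T / -F F switches query filtering on or off.
    return [blastcmd, "-p", program, "-d", database, "-i", infile,
            "-F", "T" if filter_query else "F"]


def run_without_shell(argv):
    """Run argv directly, with no /bin/sh or cmd.exe in between."""
    return subprocess.run(argv, shell=False, check=True,
                          capture_output=True, text=True).stdout


def argv_seen_by_child(argv):
    """Stand-in for blastall: a Python child reports the arguments it got."""
    echo = [sys.executable, "-c",
            "import sys; print('\\n'.join(sys.argv[1:]))"]
    return run_without_shell(echo + argv[1:]).splitlines()


if __name__ == "__main__":
    # Constructed values containing the Unix and Windows separators.
    argv = build_blastall_argv("blastall", "blastn",
                               "nr; echo constructed",
                               "query.fasta && echo constructed",
                               filter_query=False)
    # Each separator arrives inside a single argument; nothing extra runs.
    for arg in argv_seen_by_child(argv):
        print(repr(arg))
```

Validating the caller's input is still worthwhile, but with this structure a missed character in the validation no longer turns into a second command.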