Security review


Post by Nathema »

I decided this week to write my own public commands script. Now I know there are security issues involved.
Before the script gets too bulky I want to have the security done well.

Can some of you review the security in my script?

EDIT: My script went public. See here: http://forum.egghelp.org/viewtopic.php?t=16913
Last edited by Nathema on Thu May 28, 2009 4:50 pm, edited 1 time in total.
Post by nml375 »

A first comment: none of the commands are safe, in the sense that there is no password verification of any user. If you make a slight typo or mistake when adding new hostmasks, or let people use the ident-command from shared IP-pools, this could very well grant one malicious user access to sensitive commands.

Other than that, your code looks ok at first glance.
NML_375
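
One way to add the password verification described in the reply above, as an added example that is not part of the thread or of Nathema's script. The command names `auth` and `!op`, the proc names and the 600-second session lifetime are assumptions chosen for illustration.

```tcl
# Added example: gate public commands behind a password-verified session
# instead of trusting the hostmask match alone.
set authTimeout 600          ;# assumed session lifetime in seconds
array set authSessions {}    ;# key: lower-cased nick!user@host -> {handle time}

# /msg <bot> auth <password>
bind msg - auth msg:auth
proc msg:auth {nick uhost hand text} {
    global authSessions
    # "*" means the hostmask matched no user record, so there is nothing to verify.
    if {$hand eq "*"} { return 0 }
    set pass [lindex [split $text] 0]
    if {$pass ne "" && [passwdok $hand $pass]} {
        set authSessions([string tolower $nick!$uhost]) [list $hand [unixtime]]
        puthelp "NOTICE $nick :Authenticated as $hand."
    } else {
        puthelp "NOTICE $nick :Authentication failed."
    }
    return 0   ;# a return value of 1 would make eggdrop log the command
}

# True only if this exact nick!user@host authenticated recently as this handle.
proc isAuthed {nick uhost hand} {
    global authSessions authTimeout
    set key [string tolower $nick!$uhost]
    if {![info exists authSessions($key)]} { return 0 }
    set authHand [lindex $authSessions($key) 0]
    set stamp    [lindex $authSessions($key) 1]
    if {$authHand ne $hand || [unixtime] - $stamp > $authTimeout} {
        unset authSessions($key)
        return 0
    }
    return 1
}

# A sensitive public command: the flag check AND a live session are both required.
bind pub o|o !op pub:op
proc pub:op {nick uhost hand chan text} {
    if {![isAuthed $nick $uhost $hand]} {
        puthelp "NOTICE $nick :Authenticate first: /msg $::botnick auth <password>"
        return 0
    }
    pushmode $chan +o $nick
    return 1
}

# Drop the session when the user quits or parts, so a later user on the same
# shared host has to authenticate again.
bind sign - * auth:clear
bind part - * auth:clear
proc auth:clear {nick uhost hand chan args} {
    unset -nocomplain ::authSessions([string tolower $nick!$uhost])
}
```

A nick change also invalidates the session because the key includes the nick, so the user simply has to authenticate again.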