• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Shell Script on a string
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Shell Script on a string

  • Subject: Re: Shell Script on a string
  • From: Axel Luttgens <email@hidden>
  • Date: Mon, 18 Nov 2002 22:33:46 +0100
Randal L. Schwartz wrote:

>>>>>>"Hudson" == Hudson Barton <email@hidden> writes:
>>>>>>
>>>>>>
>
>Hudson> set x to (do shell script ("echo '" & myText & "' | openssl bf -salt
>Hudson> -pass pass:" & Password1 & ""))
>
>
>>>These are *soooo* unsafe when the password contains odd characters.
>>>
>>>Shell quoting, people. Shell metacharacters, people.
>>>
>>>
>
>Hudson> Which "odd characters" are unsafe? Why are they unsafe?
>
>For "Password1", anything that is a shell metachar, like whitespace,
>pound, dollar, ampersand, star, parens, brackets, backlash, backticks,
>tilde, semicolon, single or double quotes, less than, greater than,
>question mark. And probably a few I didn't notice on my keyboard.
>
>For "myText", single quotes and backslash are significant.
>
>The problem is that you're constructing a command as a single string,
>then handing that to the shell to say "parse this into a command".
>Shell metachars are all significant at that point. At best, it means
>some things will break. At worst, it's a potential security
>nightmare.
>
>
>
You're right, Randall, at pointing to the problems one may encounter
with shell scripting's arguments.
That's why for example the single quotes had been introduced around
myText in the above line, as a first "defensive line".
But Hudson had a precise request (how to pass a string instead of using
a file), so that it had to be answered too.

Now, the question is: should the usual "unixian warnings"
(admonestations?) been emitted each time it comes about shell scripting
from within AppleScript?
Could rapidly become rather boring...
I don't know how to best manage such questions.
Any opinion?
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.
  • Follow-Ups:
    • unix shell encryption routine
      • From: Hudson Barton <email@hidden>
References: 
 >Shell Script on a string (From: Hudson Barton <email@hidden>)
 >Re: Shell Script on a string (From: Axel Luttgens <email@hidden>)
 >Re: Shell Script on a string (From: Hudson Barton <email@hidden>)
 >Re: Shell Script on a string (From: Hudson Barton <email@hidden>)

  • Prev by Date: Re: search and count
  • Next by Date: Re: search and count
  • Previous by thread: Re: Shell Script on a string
  • Next by thread: unix shell encryption routine
  • Index(es):
    • Date
    • Thread