Lists

Open Menu Close Menu

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: NSTask & curl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSTask & curl

Subject: Re: NSTask & curl
From: Wim Lewis <email@hidden>
Date: Sat, 6 Jun 2009 15:29:02 -0700

On Jun 6, 2009, at 3:09 PM, Bill Bumgarner wrote:

What others haven't mentioned is that it is also a potential security hole or source of confusion for your users. Namely, packing up command lines and then executing sub shells is rife with fragility and security issues.

He's not executing a subshell --- which was the source of the confusion, in fact.

As for fragility ... the tool *is* a published, public, documented API. Apple may ship a system without curl or with a version that behaves differently, but they may do the same thing with code that you link into your own address space (and in fact they do).

It shouldn't be your first resort, but IMHO there's nothing inherently wrong about using extra processes. In this case, using NSURL (or libcurl, if you really like curl) is probably a better approach.


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



References:  
  >NSTask & curl (From: Ammar Ibrahim <email@hidden>)
  >Re: NSTask & curl (From: Andrew Farmer <email@hidden>)
  >Re: NSTask & curl (From: Ammar Ibrahim <email@hidden>)
  >Re: NSTask & curl (From: Bill Bumgarner <email@hidden>)




Prev by Date:
Re: NSTask & curl

Next by Date:
Re: NSTask & curl

Previous by thread:
Re: NSTask & curl

Next by thread:
Re: NSTask & curl

Index(es):

Date
Thread