.ig >>
<STYLE TYPE="text/css">
<!--
        A:link{text-decoration:none}
        A:visited{text-decoration:none}
        A:active{text-decoration:none}
        OL,UL,P,BODY,TD,TR,TH,FORM { font-family: arial,helvetica,sans-serif; font-size:small; color: #333333; }

        H1 { font-size: x-large; font-family: arial,helvetica,sans-serif; }
        H2 { font-size: large; font-family: arial,helvetica,sans-serif; }
        H3 { font-size: medium; font-family: arial,helvetica,sans-serif; }
        H4 { font-size: small; font-family: arial,helvetica,sans-serif; }
-->
</STYLE>
<title>shsql: security issues</title>
<body bgcolor=99cc99 vlink=0000FF>
<br>
<br>
<center>
<table cellpadding=2 bgcolor=FFFFFF width=550 ><tr>
<td align=right><a href="shsql_home.html">
<img src="img/shsql.gif" border=0><br><small>SQL database system</small></a> &nbsp; </td></tr>
<tr><td>
.>>

.TH security issues TDH "18-MAR-2004   TDH scg@jax.org" 

.SH Summary of security issues

.LP
Untrusted users should not be allowed to enter SQL commands directly,
except perhaps where your database is set to
.ig >>
<a href="config.html#dbreadonly">
.>>
\0read-only.
.ig >>
</a>
.>>

.ig >>
<br><br><br>
.>>

.LP
.ig >>
<a href="createstream.html">
.>>
\0CREATE STREAM
.ig >>
</a>
.>>
issues shell commands.  If you build these shell commands on the fly
from user input, filter all shell metacharacters out of that input first,
so that the input cannot add commands of its own to the one you built.
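
One way to apply that filtering, shown as an added example that is not part of shsql or its documentation. It keeps only an allow-list of characters, which is stricter than deleting known metacharacters; the function names, the sort command and the NAME.dat file naming are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not shsql code): validate user input before splicing it
# into a shell command string such as the one CREATE STREAM issues.
LC_ALL=C; export LC_ALL          # make the A-Z / a-z ranges byte-exact

# Filter: delete every character outside a small allow-list. This removes
# all shell metacharacters (; & | < > $ ` \ quotes, globs, whitespace).
filter_token() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._-'
}

# Reject: succeed only if the input is already a safe token. A leading '-'
# is refused too, so the value cannot be read as a command option.
is_safe_token() {
    case $1 in
        '' | -* | *[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Hypothetical builder: the 'sort NAME.dat' command and the NAME.dat naming
# are assumptions made for this example.
build_stream_cmd() {
    is_safe_token "$1" || return 1
    printf 'sort %s.dat' "$1"
}

# Constructed sample inputs: one ordinary name, three carrying metacharacters.
for input in 'sales2004' 'x; echo hi' '$(echo hi)' 'a|b'; do
    if cmd=$(build_stream_cmd "$input"); then
        printf 'accepted  %-12s -> %s\n' "$input" "$cmd"
    else
        printf 'rejected  %-12s (filtered form: %s)\n' \
            "$input" "$(filter_token "$input")"
    fi
done
```

Rejecting bad input, as build_stream_cmd does, is usually preferable to silently rewriting it with filter_token, because the user then sees that the value was not accepted.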

.ig >>
<br><br><br>
.>>

.ig >>
<br>
<br>
</td></tr>
<tr><td align=right>
<a href="shsql_home.html">
<img src="img/shsql.gif" border=0></a><br>
<a href="Copyright.html">Copyright Steve Grubb</a> &nbsp;
</td></tr>
</table>
.>>
