Pass input to a shell script

 
Greenhorn
Posts: 4
Hello,
I am completely new to JSP, but I was looking at this option as it seems to address my needs.

Basically, I am looking to have a JSP URL http://<webserver:8080>/index.jsp which would have an input variable box. The input to this should be passed as input to a shell script.

Appreciate your help!!
 
Bartender
Posts: 1166

Girish Singh wrote:

Basically, I am looking to have a JSP URL http://<webserver:8080>/index.jsp which would have an input variable box. The input to this should be passed as input to a shell script.



A really really bad idea. One should never give a user the opportunity to execute arbitrary, possibly malicious, code on your server.

What problem are you trying to solve?
 
Sheriff
Posts: 67746
Agree. Do you really want to give the user the ability to erase your hard disk?

Even so, this would not be the type of thing you would do from a JSP, but rather in a servlet that the JSP would submit to. But really, you do not want to open up this type of security hole.
 
Girish Singh
Greenhorn
Posts: 4
The shell script that I have explicitly does a certain function (which is not harmful).

All it needs is an input variable for the script... and it is in the intranet and secure.
 
Bear Bibeault
Sheriff
Posts: 67746
I still think it opens up high risk of script injection attacks.

But, in any case, and as I said, this is not something that you would do in a JSP, but rather a servlet (or Java class delegated by the servlet).
 
Girish Singh
Greenhorn
Posts: 4
Can you direct me to a URL or something which would give me a sample for using a servlet for this?
 
Bear Bibeault
Sheriff
Posts: 67746
There's nothing servlet-specific about it. You'd use the normal Java means to run a process. See the Java in General forum for previous discussions of doing so.
 
Richard Tookey
Bartender
Posts: 1166

Girish Singh wrote:

The shell script that I have explicitly does a certain function (which is not harmful).

All it needs is an input variable for the script... and it is in the intranet and secure.



I would be interested to know what sort of input variable the script needs. Since it is being executed on the server it must relate to the server and must therefore have a very limited domain. Cannot you present the user with a list of possible values and get your user to select one? Your server can then check that the value provided is actually one from the list.

P.S. there are malicious people on an Intranet as well as on the Internet!
 
Girish Singh
Greenhorn
Posts: 4
I can give a drop down list as well, but that would be dynamic config that needs to be read from a file.
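
An added example, not code from any poster in this thread: one way to combine the suggestions above, with a fixed script path, a value checked against a list that the server reads from a config file, and the value passed as a single argument without a shell. The class name, the one-value-per-line file format, the 30-second timeout and `/bin/echo` standing in for the real script are assumptions; the record syntax needs Java 16 or later.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;

// script: fixed server-side path, never taken from the request.
// allowListFile: config file with one permitted value per line ('#' starts a comment).
public record AllowListedScriptRunner(Path script, Path allowListFile) {

    // Re-read on each call so edits to the config file take effect without a restart.
    Set<String> allowedValues() throws IOException {
        try (var lines = Files.lines(allowListFile)) {
            return lines.map(String::trim)
                    .filter(s -> !s.isEmpty() && !s.startsWith("#"))
                    .collect(Collectors.toUnmodifiableSet());
        }
    }

    // Rejects anything not listed, then passes the value as one argv entry.
    int run(String requested) throws IOException, InterruptedException {
        if (requested == null || !allowedValues().contains(requested)) {
            throw new IllegalArgumentException("value is not in the allow-list");
        }
        // List form of ProcessBuilder: no shell parses the value, so ';' or '$(...)' stay literal.
        Process p = new ProcessBuilder(List.of(script.toString(), requested)).inheritIO().start();
        if (!p.waitFor(30, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("script timed out");
        }
        return p.exitValue();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample config; /bin/echo stands in for the real script.
        Path cfg = Files.createTempFile("allowed", ".txt");
        Files.write(cfg, List.of("# permitted values", "dev", "staging"));
        var runner = new AllowListedScriptRunner(Path.of("/bin/echo"), cfg);
        System.out.println("exit=" + runner.run("staging"));
        try {
            runner.run("dev; echo injected");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a servlet, `run` would be called with the value from `request.getParameter(...)`, and the same `allowedValues()` set can populate the drop-down so the form and the server-side check never drift apart.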
 