• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Pass input to a shell script

 
Girish Singh
Greenhorn
Posts: 4
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
I am completely new to jsp, but I was looking at this option as it seems to address my needs.

Basically, I am looking to have a jsp url hhtp://<webserver:8080>/index.jsp which would have a input variable box. The input to this should be passed as input to a shell script.

Appreciate your help!!
 
Richard Tookey
Bartender
Pie
Posts: 1166
17
Java Linux Netbeans IDE
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Girish Singh wrote:

Basically, I am looking to have a jsp url hhtp://<webserver:8080>/index.jsp which would have a input variable box. The input to this should be passed as input to a shell script.!


A really really bad idea. One should never give a user the opportunity to execute arbitrary, possibly malicious, code on your server.

What problem are you trying to solve?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64178
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Agree. Do you really want to give the user the ability to erase your hard disk?

Even so, this would not be the type of thing you would do from a JSP, but rather in a servlet that the JSP would submit to. But really, you do not want to open up this type of security hole.
 
Girish Singh
Greenhorn
Posts: 4
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The shell script that i have explicitly does a certain function (which is not harmful).

All it needs is a input variable for the script.. and it is in the intranet and secure.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64178
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I still think it opens up high risk of script injection attacks.

But, in any case, and as I said, this is not something that you would do in a JSP, but rather a servlet (or Java class delegated by the servlet).
 
Girish Singh
Greenhorn
Posts: 4
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
can you direct me to a url or something which would give me a sample for using servlet for this.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64178
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There's nothing servlet-specific about it. You'd use the normal Java means to run a process. See the Java in General forum for previous discussions of doing so.
 
Richard Tookey
Bartender
Pie
Posts: 1166
17
Java Linux Netbeans IDE
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Girish Singh wrote:The shell script that i have explicitly does a certain function (which is not harmful).

All it needs is a input variable for the script.. and it is in the intranet and secure.


I would be interested to know what sort of input variable the script needs. Since it is being executed on the server it must relate to the server and must therefore have a very limited domain. Cannot you present the user with a list of possible values and get your user to select one. Your server can then check that the value provided is actually one from the list.

P.S. there are malicious people on an Intranet as well as on the Internet!
 
Girish Singh
Greenhorn
Posts: 4
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can give a drop down list as well, but that would be dynamic config that needs to be read from a file.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic