For more details and a discussion of security issues, we recommend Lincoln D. Stein's WWW Security FAQ at:
http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html
HTML Path option. If you wish to specify a different directory, then you must set the File Path option to the correct path when creating the file object.

The file object must exist and be writable by nobody (i.e. the user name is literally nobody). If the file object does not exist, then the directory where the file will be created must exist and be writable by the user nobody. We recommend that you allow the file object to exist and be writable by user nobody while restricting write permission to the directory, thus minimizing the risk to other files within the directory.
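The recommended layout above (file writable by the CGI user, directory not writable) is easy to audit with a small permission check. The following is an added example, not part of the original documentation or the product; it checks only mode bits, since a sandbox cannot chown a file to nobody, and builds a constructed temporary layout twice: once as recommended and once with a loose directory.

```python
import os
import stat
import tempfile


def check_cgi_file_layout(path: str) -> list[str]:
    """Return a list of findings for the file object `path` and its parent directory.

    Expected layout, following the guidance: the file exists and is writable by
    the CGI user, while the directory itself is not group- or world-writable, so a
    misbehaving CGI can only touch this one file.  Ownership by `nobody` is not
    verified here (assumption: only mode bits are examined).
    """
    findings = []
    parent = os.path.dirname(os.path.abspath(path))

    if not os.path.exists(path):
        # If the file is absent the directory would have to be writable instead,
        # which is exactly the wider exposure the guidance tries to avoid.
        findings.append(f"file missing: {path}")
    else:
        mode = os.stat(path).st_mode
        if not (mode & stat.S_IWUSR):
            findings.append(f"file not writable by its owner: {path}")

    dmode = os.stat(parent).st_mode
    if dmode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"directory is group/world writable: {parent}")
    return findings


def demo() -> tuple[list[str], list[str]]:
    """Constructed layout: a counter file in a temp directory, checked twice."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        f = os.path.join(d, "counter.dat")  # hypothetical file object name
        open(f, "w").close()
        os.chmod(f, 0o644)
        good = check_cgi_file_layout(f)   # recommended: file writable, dir locked down
        os.chmod(d, 0o777)
        bad = check_cgi_file_layout(f)    # directory itself writable by anyone
        os.chmod(d, 0o755)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("recommended layout:", good or "no findings")
    print("loose directory:", bad)
```

Run it against the real File Path location on the server (after confirming the owner is nobody with `ls -l`) rather than the temporary directory the demo constructs.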
execvp; if no arguments are specified, popen will be called.
There are security concerns for the Sapphire ExecData objects that do not have arguments passed through their standard input channel. They are vulnerable because the command in a popen call is interpreted by the Bourne Shell, and can be hacked. For example, a hacker could send executable commands to your server by including shell special characters in input sent via your CGI. Do not take it for granted that the browser information is correct.
wrap, as it will not interpret the users' input at the shell level. You must specify the command-line arguments to be wrapped by enclosing them in double quotes. When the CGI executes the ExecData object it will put in a single quote for you.

Project SQL in HTML to TRUE. If it is set to TRUE, any SQL statement could be executed by simply placing SQL into the HTML template. This could offer a hacker the opportunity of destroying your database.