--0016361e81a424fe9804757308d2 Content-Type: text/plain; charset=ISO-8859-1 Thanks all for the input. Unfortunately there is no other way to execute this particular script. It is actually a custom written application written by another team at my company. However, the device this application is controlling does not allow users access to a shell so correct me if I'm wrong the risk here are minimal in that regard. The only safeguard I was looking for which has been answered was against the apache user attempting to execute some malicious code. If a user happens to gain shell access to this device we have way bigger problems. Again, thanks everyone for the input and please let me know if I'm overlooking something. On Thu, Oct 8, 2009 at 8:56 AM, Bertram Scharpf <lists / bertram-scharpf.de>wrote: > Hi, > > Am Donnerstag, 08. Okt 2009, 04:15:21 +0900 schrieb Zundra Daniel: > > > > /usr/bin/cmd -username #{username} -password #{password} > > It has already been said that this is very dangerous. Please check > the command you want to execute for something like ssh's > SSH_ASKPASS environment variable or gpg's --passphrase-fd option. > > Bertram > > > -- > Bertram Scharpf > Stuttgart, Deutschland/Germany > http://www.bertram-scharpf.de > > --0016361e81a424fe9804757308d2--