Documentation: fix typos
acatton committed Apr 27, 2015
1 parent 41fa5b3 commit b14984c
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions docs/security.rst
@@ -157,12 +157,12 @@ implented this way:
Why spm isn't vulnerable to shell injection by default
------------------------------------------------------

In order to prevent shell injection, you have to sanitize every data passed to
the shell. This requires discipline, and everybody knows that even with
discipline, humans make errors.
In order to prevent shell injection, you have to sanitize every piece data
passed to the shell. This requires discipline, and everybody knows that even
with discipline, humans make errors.

On the other hand, ``spm.run()`` doesn't allow for sql injection since it
requires arguments to be passed as a list.
On the other hand, ``spm.run()`` doesn't allow for shell injection since it
requires arguments to be passed as a list. (= directly to ``exec()``)

The only way to create shell injection would be to call spm this way (which
defeats the purpose of spm):
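Review bot: the rewrapped first paragraph introduces a new typo in the added lines: "every piece data" should read "every piece of data". The added parenthetical "(= directly to ``exec()``)" is too terse for a security page; spell out the point the sentence is making, e.g. "because the argument list is handed straight to ``exec()``, no shell ever parses it". Since this commit is a typo pass, the misspelling "implented" still visible in the hunk header context at line 157 could be corrected in the same change.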