Are command arguments sanitized? #36

Open
TrevorBurnham opened this Issue Aug 29, 2010 · 1 comment

If I do the following:

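```js
// getStringFromUser() is a placeholder for wherever the untrusted string comes from
var input = getStringFromUser();
var client = require('lib/redis-client').createClient();
client.get(input);
```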

will the person giving me the input be able to do something nasty, i.e. execute commands other than GET? It would be nice if the documentation said something definitive on this point.

maritz commented Aug 30, 2010

If at all, then inside of multi/exec, which is only available in forks. However, I doubt even that, because Redis does not accept multiple commands in one buffered request. (multi/exec are actually a bunch of requests for each part, including multi and exec.)
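
The framing question behind this thread, as an added example that is not part of the original issue and not code from redis-client: it encodes `GET` with a constructed key containing CRLF in two ways and counts how many commands a parser sees. That the client sends Redis's length-prefixed multi-bulk request format is an assumption; `encodeMultiBulk`, `encodeInlineNaive`, `parseRequests` and the sample key are hypothetical names and values made up for illustration.

```javascript
const CRLF = '\r\n';

// Length-prefixed (multi-bulk) request: "*<argc>", then "$<byte length>"
// and the raw payload for every argument.
function encodeMultiBulk(args) {
  let out = '*' + args.length + CRLF;
  for (const a of args) {
    const s = String(a);
    out += '$' + Buffer.byteLength(s, 'utf8') + CRLF + s + CRLF;
  }
  return out;
}

// Naive inline request: arguments joined by spaces, ended by CRLF.
function encodeInlineNaive(args) {
  return args.map(String).join(' ') + CRLF;
}

// Minimal server-side view: split the bytes on the wire into commands.
function parseRequests(wire) {
  const buf = Buffer.from(wire, 'utf8');
  const cmds = [];
  let pos = 0;
  const readLine = () => {
    const end = buf.indexOf(CRLF, pos);
    if (end === -1) throw new Error('truncated request');
    const line = buf.toString('utf8', pos, end);
    pos = end + 2;
    return line;
  };
  while (pos < buf.length) {
    const line = readLine();
    if (line[0] !== '*') { cmds.push(line.split(' ')); continue; } // inline
    const args = [];
    for (let n = parseInt(line.slice(1), 10); n > 0; n--) {
      const hdr = readLine();
      if (hdr[0] !== '$') throw new Error('expected bulk length');
      const len = parseInt(hdr.slice(1), 10);
      args.push(buf.toString('utf8', pos, pos + len)); // exactly len bytes
      pos += len + 2; // payload plus its trailing CRLF
    }
    cmds.push(args);
  }
  return cmds;
}

// Constructed input: a key containing CRLF followed by a second command name.
const untrusted = 'k' + CRLF + 'PING';
const viaInline = parseRequests(encodeInlineNaive(['GET', untrusted]));
const viaMultiBulk = parseRequests(encodeMultiBulk(['GET', untrusted]));
```

With length-prefixed framing the CRLF stays inside the key, so the parser sees a single `GET`; with the space-joined inline form the same input is read as two commands.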
