Are command arguments sanitized? #36

Open
TrevorBurnham opened this Issue · 1 comment

@TrevorBurnham

If I do the following:

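```js
// Untrusted string supplied by the user
var input = getStringFromUser();
var client = require('lib/redis-client').createClient();
// The untrusted string is passed as the key argument of GET
client.get(input);
```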

will the person giving me the input be able to do something nasty, i.e. execute commands other than GET? It would be nice if the documentation said something definitive on this point.

@maritz

If at all, then inside of multi/exec, which is only available in forks. However, I doubt even that, because Redis does not accept multiple commands in one buffered request. (multi/exec are actually a bunch of requests for each part, including multi and exec.)
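
An added example, not part of the thread and not redis-client's own code: it shows why the answer to the question depends on how a client frames the command on the wire, by comparing a text line with the key pasted in against Redis's length-prefixed multi-bulk format. The helper names and the sample key are constructed for illustration; which framing this library uses is not stated on the page.

```javascript
// Hypothetical helpers (not redis-client functions): two ways to frame GET <key>.

// Inline framing: the key is pasted into a CRLF-terminated text line.
function encodeInline(cmd, key) {
  return Buffer.from(cmd + ' ' + key + '\r\n', 'utf8');
}

// Multi-bulk framing: *<argc>, then each argument as $<byte length> + data.
function encodeMultiBulk(args) {
  const parts = [Buffer.from('*' + args.length + '\r\n')];
  for (const arg of args) {
    const data = Buffer.from(String(arg), 'utf8');
    parts.push(Buffer.from('$' + data.length + '\r\n'), data, Buffer.from('\r\n'));
  }
  return Buffer.concat(parts);
}

// Minimal receiver-side parser: returns the commands (arrays of args) in buf.
function parseCommands(buf) {
  const commands = [];
  let pos = 0;
  const readLine = () => {
    const end = buf.indexOf('\r\n', pos);
    if (end === -1) throw new Error('truncated');
    const line = buf.toString('utf8', pos, end);
    pos = end + 2;
    return line;
  };
  while (pos < buf.length) {
    const line = readLine();
    if (line[0] !== '*') {              // inline command: split on spaces
      commands.push(line.split(' '));
      continue;
    }
    const args = [];
    for (let i = 0, n = parseInt(line.slice(1), 10); i < n; i++) {
      const len = parseInt(readLine().slice(1), 10);   // "$<len>"
      args.push(buf.toString('utf8', pos, pos + len)); // exactly len bytes
      pos += len + 2;                                  // skip data + CRLF
    }
    commands.push(args);
  }
  return commands;
}

// Constructed input: a key that contains CRLF followed by a command name.
const input = 'name\r\nPING';
console.log(parseCommands(encodeInline('GET', input)));      // two commands
console.log(parseCommands(encodeMultiBulk(['GET', input]))); // one command
```

With length-prefixed framing the CRLF stays inside the key, so no sanitizing of the argument is needed; with inline framing the client would have to reject or escape CR, LF and spaces in the key.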
