I am using Runtime.exec() to run an executable file. I have been researching and found out that there could be security concerns when using this in an application. Are there any security concerns when using Runtime.exec() to run an executable file?
The biggest one I can think of is Command Injection. You want to whitelist what gets run so someone can’t run “rm /” via your Runtime.exec. There are more ways for this to happen than you might think. For example, what if a “directory” name is passed in as “foo; rm -r ; ls”?
Another one – if this is a web application – is that the permissions for the application (and therefore your Runtime.exec() command line) aren’t the same as what the person hitting the web page has, which means the person could delete your Tomcat or insert data into a database or …
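The whitelisting the answer recommends, as an added example that is not the poster's code: the untrusted directory name is checked against a strict pattern and a fixed allowlist before it reaches the process, and arguments are passed as an array so no shell re-parses them. The base directory /var/app and the allowlisted names are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;
import java.util.regex.Pattern;

public class SafeExec {
    // Directories the application is permitted to list (assumed values for the example).
    private static final Set<Path> ALLOWED = Set.of(
            Paths.get("/var/app/uploads").normalize(),
            Paths.get("/var/app/reports").normalize());

    // A single plain path segment: letters, digits, dot, dash, underscore. No '/', ';', spaces.
    private static final Pattern SAFE_SEGMENT = Pattern.compile("[A-Za-z0-9._-]+");

    // Vulnerable pattern from the answer: the untrusted name is spliced into one shell
    // command line, so "foo; rm -r ; ls" is read by the shell as three separate commands.
    static Process listDirUnsafe(String dirName) throws IOException {
        String cmd = "ls -l /var/app/" + dirName;
        return Runtime.getRuntime().exec(new String[] {"/bin/sh", "-c", cmd});
    }

    // Hardened form: validate, resolve under a fixed base, compare against the allowlist,
    // then hand each argument to the OS directly via ProcessBuilder (no shell involved).
    static Process listDirSafe(String dirName) throws IOException {
        Path target = resolveAllowed(dirName);
        ProcessBuilder pb = new ProcessBuilder("ls", "-l", target.toString());
        pb.redirectErrorStream(true);
        return pb.start();
    }

    // Returns the allowlisted path or throws; ".." and "." pass the regex but normalize
    // to paths outside the allowlist and are rejected by the second check.
    static Path resolveAllowed(String dirName) {
        if (dirName == null || !SAFE_SEGMENT.matcher(dirName).matches()) {
            throw new IllegalArgumentException("rejected directory name");
        }
        Path target = Paths.get("/var/app", dirName).normalize();
        if (!ALLOWED.contains(target)) {
            throw new IllegalArgumentException("directory not in allowlist");
        }
        return target;
    }

    public static void main(String[] args) {
        for (String name : new String[] {"uploads", "foo; rm -r ; ls", "../etc", ".."}) {
            try {
                System.out.println(name + " -> " + resolveAllowed(name));
            } catch (IllegalArgumentException e) {
                System.out.println(name + " -> " + e.getMessage());
            }
        }
    }
}
```

Only the first name survives validation; the other three are rejected before any process is started, which is the check to put in front of every Runtime.exec() or ProcessBuilder call that takes user-supplied input.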