Is this a secure way to parse logs over the web?

[Adrian Crenshaw <irongeek () irongeek com>]

Ok, not saying this code is well done, but I had a question about if it was
possible to do some Regex injection that has really bad consequences. I've
made a simple little PHP (attached) script as a test to look for the top
404s and 403 on a site based on its http log. Since web scanners seem to
cause a lot of these (causing errors and looking for files that are not
there), it seems like a good way to spot them. The downside, I'm pretty
much letting the user put anything into the regular expression for
searching that they want. I'm not using the exec function, but preg_match
instead, so shell execution should not be an issue as far as I know.
Assuming I don't care if people know what is in my logs, how secure is
this? I could also always just password it off.


Thanks,
Adrian


-- 
"The ability to quote is a serviceable substitute for wit." ~ W. Somerset
Maugham

Attachment: lookforbad.txt
Description:

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com