Hi there, I've been told that you've been advising people on security in programs which handle forms in NCSA httpd. I just wanted to confirm that you're talking about what I think you're talking about, and perhaps see any warnings you may have sent out to people. I am the developer of NCSA httpd and security issues in a system wherein programs are executed with data from foreign clients are extremely important to us. The document http://hoohoo.ncsa.uiuc.edu/cgi/security.htm discusses how to write safe shell scripts and gives examples of things which shouldn't be done. I'd like you to take a look at our document and let us know if there's anything we missed. Thanks --Rob