Sevlet + Shell Command Execution

I need to implement image re-size functionality and the images can be big in siz开发者_JS百科e. So its probably not a good idea to do that in the java side and use shell commands like mogrify to perform the cpu intensive work. However just wanted to ask for suggestions like is it a good practice to execute OS system commands from the servlet ?

Thanks and Regards Surya

You will need to be very careful with your arguments: make sure you never execute a shell command using request parameter values directly, as this is a typical vector for cracking attempts. See https://www.owasp.org/index.php/Category:Input_Validation_Vulnerability and https://www.owasp.org/index.php/Category:Vulnerability for more information about vulnerabilities when doing things like this.