PerlMonks  

Re: Preventing DOS attacks with CGI.pm

by tadman (Prior)
on Aug 10, 2001 at 01:33 UTC ( [id://103645]=note )


in reply to Preventing DOS attacks with CGI.pm

This should certainly be a part of the standard CGI distribution, because if it was, I'd see no reason to use CGI so blindly.

Why CGI doesn't turn this stuff off by default is beyond me. I would figure that it would be better for a few people to be wondering "Why don't my uploads work?" instead of a whole bunch of people wondering "Where did all my drive space go?"

Replies are listed 'Best First'.
(Ovid) Re(2): Preventing DOS attacks with CGI.pm
by Ovid (Cardinal) on Aug 10, 2001 at 01:47 UTC

    Since Lincoln Stein has added these global variables in CGI.pm, he's clearly aware of DOS problems. He has these fairly well documented in his POD, so I also wonder why they're not set. My guess is that he realizes that there is a hole here but he's trying to maintain backwards compatibility.

    I understand that one or both of these variables have been removed in CGI.pm versions 3+, so I'm curious how this situation has been addressed. tachyon raised this issue in this post about a security problem with 3.01. Since these globals don't appear to be present, it seems that this code wouldn't work for the newer versions.

    Cheers,
    Ovid

    Vote for paco!

    Join the Perlmonks Setiathome Group or just click on the link and check out our stats.

      CGI.pm version 3 is fairly bizarre. CPAN was "kind" enough to install it for me, and everything went to pot quite quickly. It had a tendency to declare the parameters as a non-scalar type CGI::Object. I'm not sure this is going to be a drop-in replacement if that approach is taken, so there is no better time to fix all these outstanding issues.
