PerlMonks  

Re^4: Essential CGI Security Practices

by Aristotle (Chancellor)
on Feb 03, 2002 at 02:46 UTC ( [id://143008]=note )


in reply to Re: Re: Re: Essential CGI Security Practices
in thread Essential CGI Security Practices

Yes, I was replying to your note. I think you simply confused the one kind of error message with a different kind of error message. There's a distinct difference between what you were talking about and those error messages that should not be let out due to CGI security concerns. Input validation, as I mentioned it, was meant in the extended sense of any and all checks you may perform on your input data - i.e. not only the initial "does this look like a valid username" but also "do we have this username in our database" and "does the password match". Point taken that you mention paths and similar information separately; however, I think you should drop the condition "if you're truly paranoid" because if you're anything less than truly paranoid there's not even a chance of achieving security. :-)

Makeshifts last the longest.
