Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re: Essential CGI Security Practices

by gellyfish (Monsignor)
on Feb 04, 2002 at 12:02 UTC ( [id://143214]=note: print w/replies, xml ) Need Help??


in reply to Essential CGI Security Practices

As far as the CGI::Carp qw/fatalsToBrowser/ goes I would suggest an alternative to removing it altogether. CGI::Carp has had the facility to alter the output message for a quite a while - you can supply a coderef to a subroutine that will be called with the error message and which should print the text of the message to be output - you can set a $DEBUGGING variable to determine whether the actual error message gets output:

use CGI::Carp qw(fatalsToBrowser set_message); use vars qw($DEBUGGING); BEGIN { $DEBUGGING = 1; my $error_handler = sub { my $message = shift; print "<h1>Oooh I got an error</h1>"; print $message if $DEBUGGING; } set_message($error_handler); }

This allows you to easily switch on or off the detailed error messages and means you don't have to take the 'or die' out of potentially hundreds of lines of code.

/J\

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://143214]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others taking refuge in the Monastery: (6)
As of 2024-03-28 14:52 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found