Re: Awstats Perl security

by Animator (Hermit)

on Nov 09, 2005 at 17:53 UTC ( [id://507154]=note: print w/replies, xml )

Need Help??

Some general hints to prevent anyone from having the same problems:

Always use the three-args version of open. Even for just reading a file. And always specify the mode (yes, even for reading!).
Always try to use system(LIST) or exec(LIST) and not system(EXPR) or exec(EXPR). You really don't want to need to quote things yourself.
Running code under -T (taint) can be useful aswell... (since it forces you to do something with the input before you can use it (in system, in open, ...)).

(Update: some minor changes)

Comment on Re: Awstats Perl security

In Section Perl News

Domain Nodelet^?

Node Status^?

node history
Node Type: note [id://507154]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others taking refuge in the Monastery: (4)

As of 2024-04-25 12:41 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found