comment on

for whatever reason the boss doesn't want to upgrade to a modern frame work

Come on, let's be honest here. The reason is money. Someone who isn't interested in investing in new, stable technology when the old technology is recommended against, won't be interested in investing much in good security practices either.

That mentality changes quickly when the company is hacked or taken for ransom. At that point though, everyone is scrambling to patch things in an uncontrolled manner, and far more money is spent recklessly than if the original investment in better practices had been made. I have seen this time and time again in my 20+ years in the industry.

PS. From the CGI documentation itself:

"CGI.pm is no longer considered good practice for developing web applications, including quick prototyping and small web scripts. There are far better, cleaner, quicker, easier, safer, more scalable, more extensible, more modern alternatives available at this point in time."

In reply to Re: XSS Protection in cgi application by stevieb
in thread XSS Protection in cgi application by newperldeveloper

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Problems? Is your data what you think it is?
	PerlMonks