in reply to Re: Fetching HTML Pages with Sockets
in thread Fetching HTML Pages with Sockets
Thanks for posting that script. I've been experimenting with sockets, lately, but strictly in the realm of our lan. I had to give permission to the firewall to let me through, but once I did this worked nicely. Question: are there any security issues involved in fetching a page in this way? Just want to make sure whether I'm playing with fire, or just scrabbling in the dirt as I usually do.
|
Re^3: Fetching HTML Pages with Sockets
by amt (Monk) on Sep 20, 2004 at 18:39 UTC
|
I can't think of any security issues that would arise from pulling files down in using a socket and HTTP directives, but keep in mind that if the sockets are not set up properly, you may leave ports open, so making sure that you close the sockets explicitly is always a good measure.
Also be sure to run perl with the Taint option if you plan on using the output from a remote location as the input on your script.
| [reply] |
Re^3: Fetching HTML Pages with Sockets
by zentara (Archbishop) on Sep 21, 2004 at 13:01 UTC
|
"are there any security issues involved in fetching a page in this way?" It shouldn't be anymore of a security issue than retreiving it with Mozilla, or any other browser. As a matter of fact, I would worry more about Mozilla than Perl. You have to learn how your firewall works. There is a difference between opening up a server on a port listening for connections, and using a port to receive from a connection which YOU initiated. It's called an 'established'
connection. One which you initiate, then open a port as part
of that established connection. Ftp works this way too. The next time you fetch a file thru http, with a conventional browser, type "socklist" (as root) and lookm at the sockets
and ports opened up to receive it.
I'm not really a human, but I play one on earth.
flash japh
| [reply] |