Re^8: Beginner Recommendations

I do host sites which use my perl scripts, yes

If you are using a perl earlier than 5.18, it is highly likely that your CGI scripts are vulnerable to algorithmic complexity attacks via hash keys, first addressed in the hash overhaul in 5.18.

(I was then, and am still now, a member of the Perl security team. At the time I was working for a company with responsibility for the safekeeping of 100s of millions of credit card numbers and associated personal data, and the main bug report leading to that hash overhaul was the single scariest issue I dealt with in my career.)

Comment on Re^8: Beginner Recommendations

Replies are listed 'Best First'.
Re^9: Beginner Recommendations by Bod (Parson) on Mar 29, 2023 at 23:43 UTC
If you are using a perl earlier than 5.18, it is highly likely that your CGI scripts are vulnerable to algorithmic complexity attacks via hash keys Interesting and worrying that many shared hosting providers use Perl 5.16.x	[reply]
Re^10: Beginner Recommendations by hippo (Archbishop) on Mar 30, 2023 at 08:48 UTC
CentOS 7, perchance? They only have another year of O/S support in that case so you'll get something slightly newer in a while. Also note that RH have been known to ship patched versions of key applications without bumping internal version numbers and this might (might!) apply to perl. Anyway, all of our customers on shared hosting are on 5.34 now. Msg me if you are thinking of moving. 🦛	[reply]
Re^9: Beginner Recommendations by harangzsolt33 (Deacon) on Jan 27, 2023 at 15:19 UTC
Correction: I do not host my website on my computer. That was a misunderstanding. I thought you asked if I store html and perl files on my computer. I do, but I don't host them as a webhost. My computer is connected to the internet only while I am sitting at my desk. When I am not there, I turn it off. And it has Windows XP on it. I don't think it could be turned into a hosting machine. All my sites are hosted at 100webspace.com where it looks like they use perl 5.016003. http://www.wzsn.net/list.pl	[reply]
Re^10: Beginner Recommendations by marto (Cardinal) on Jan 27, 2023 at 16:39 UTC
None of this invalidates anything hv said, also 5.16 < 5.18...	[reply]
Re^11: Beginner Recommendations by hv (Prior) on Jan 27, 2023 at 18:37 UTC
The 5.18 fix would have been backported some, certainly to 5.16: I should have said "if you are running a perl much earlier than 5.18". I do know it wasn't ported as far as 5.8, which my $work was running at the time - I had to make the patch for that myself, and then come up with a plan to deploy it for a company that had had so many problems with a previous 5.6 -> 5.8 upgrade they had pretty much resolved never to upgrade again. Happily, the eventual result was that they actually started upgrading perl more regularly again.	[reply]
Re^12: Beginner Recommendations by marto (Cardinal) on Jan 27, 2023 at 18:58 UTC