in reply to Re: CGI.pm Filter out recurring NULL Bytes
in thread CGI.pm Filter out recurring NULL Bytes
I thought it would add some security to the program I'm making. As it is now I just filter param values as I use them with very strict patterns. Works well and there are no problems. That seems to be the "Best Practice" when dealing with param values.
I plan to release the final version to the public, and the more I think about adding any security filter globally to the params, the more I realize it could actually trick a developer into thinking they don't need to check the params for issues. So "no" on filtering null bytes is the answer I'm leaning to.
That is not the only thing I wanted to talk about. I see in CGI there is a way to limit POST only, but no possible way to limit GET or the Cookies. Is there a reason why those are not needed?
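The per-use strict-pattern filtering described in this post, sketched as an added example that is not part of the original post or of CGI.pm. The parameter names, patterns, and sample values are assumptions made for illustration; the sample values stand in for what `$q->param($name)` would return.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical per-parameter allowlist; names and patterns are assumptions.
# \A and \z anchor the whole string; ^ and $ would let a trailing newline through.
my %RULES = (
    user => qr/\A[a-z][a-z0-9_]{2,15}\z/,
    page => qr/\A[0-9]{1,4}\z/,
    file => qr/\A[A-Za-z0-9_-]{1,32}\.txt\z/,
);

# Return the value only if it fully matches the rule for that name, else undef.
sub checked_param {
    my ($name, $value) = @_;
    my $rule = $RULES{$name} or return;    # no rule for this name: reject
    return unless defined $value;
    return $value =~ $rule ? $value : undef;
}

# Constructed sample input, standing in for $q->param($name) from CGI.pm.
my @samples = (
    [ user => 'alice_01' ],
    [ page => "12\n" ],               # trailing newline, accepted by /^[0-9]+$/
    [ file => "report.txt\0.png" ],   # embedded NUL byte
    [ file => "report\0\0.txt" ],     # recurring NUL bytes
    [ file => 'report.txt' ],
);

for my $s (@samples) {
    my ($name, $value) = @$s;
    # Show non-printable bytes as \xNN so the rejected input is visible.
    (my $shown = $value) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;
    printf "%-4s %-26s %s\n", $name, "'$shown'",
        defined checked_param($name, $value) ? 'accepted' : 'rejected';
}
```

Because each pattern lists only the characters it allows, NUL bytes are rejected without a separate global filter.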
Re^3: CGI.pm Filter out recurring NULL Bytes (now header limits)
by hippo (Archbishop) on May 25, 2016 at 12:21 UTC