Re: Add,Insert,Change,Delete File / Array

You need to use -w, strict and CGI.pm. All of these will make your scripts more robust.

Update: ajt is, of course, right. I don't know why I didn't add -T to my original list. Any CGI script that is not run in taint mode is just asking for trouble.

--
<http://www.dave.org.uk>

"The first rule of Perl club is you don't talk about Perl club."

Comment on Re: Add,Insert,Change,Delete File / Array

Replies are listed 'Best First'.
Re: Re: Add,Insert,Change,Delete File / Array by ajt (Prior) on Oct 04, 2001 at 18:56 UTC
I can't agree with my learned colleagues more, you should `use strict; use CGI;` and set the `-w` flag. Another thing to do however, is to switch taint checks on and scrub your data clean (detaint). Your CGI-BIN is a gaping hole in your server's defences against the world, and if you put something in there, especially something that writes to the disk system, you sould make sure that you know what it's writing and where. You can't trust the users not to add something nasty inside a form. Please read perlsec, to see why `-T` is a good idea. At best a inocent mistake could mess up your array, at worst they could format your hard disk....	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re: Re: Add,Insert,Change,Delete File / Array
by ajt (Prior) on Oct 04, 2001 at 18:56 UTC

use strict; use CGI;

-w

Another thing to do however, is to switch taint checks on and scrub your data clean (detaint). Your CGI-BIN is a gaping hole in your server's defences against the world, and if you put something in there, especially something that writes to the disk system, you sould make sure that you know what it's writing and where. You can't trust the users not to add something nasty inside a form.

Please read perlsec, to see why -T is a good idea. At best a inocent mistake could mess up your array, at worst they could format your hard disk....

[reply]
[d/l]
[select]