katzuma has asked for the wisdom of the Perl Monks concerning the following question:

I'm writing some Perl code for a simple chat server using IO::Socket and IO::Select. The stuff is working properly, but now I'm concerned about some security issues: as long as the server does some echo function to all the clients and some 'log writing' to a log file, and as long as I run the script with a -T flag, am I safe? What are the security holes that you open with an "echoing socket" anyway? Thanks for your help.

Re: Multithread Server security
by Corion (Patriarch) on Nov 15, 2001 at 18:00 UTC

    Security is a wide field ...

    You think you are already safe on the process/local execution side in the sense that no input to your program will allow remote execution of arbitrary code on your server (due to buffer overflows). Simply using -T doesn't make your program sure, because security is a way of thinking and not something you get by applying some magic command line switch to your script. But if you have gone over your script and also have looked at the calls to open() (these could allow shell code to be executed) you are believably safe.

    The remaining attacks are less security-wise attacks but more attacks on your protocol and attacks on your infrastructure. Attacks on your infrastructure are Denial Of Service attacks which could flood your server or clients with many big packets, eating their bandwidth (or simply connecting many clients to your server, so that your server has to send one megabyte to all the clients for every byte sent to the server, or simply creating a loop where the server accepts itself as a client). Attacks on the infrastructure are best opposed by monitoring the system and setting the "right" ulimits. Attacks on the protocol itself (like sending bogus client addresses, making the server believe that it connects to itself etc.) must be determined by looking at your protocol (which you haven't told us about, but I guess these attacks are not really possible, as your protocol simply relies on the TCP connection being made).

    Update: crazyinsomniac pointed out that I forgot to mention perlsec, the Perl security manpage. My bad indeed.

    perl -MHTTP::Daemon -MHTTP::Response -MLWP::Simple -e ' ; # The
    $d = new HTTP::Daemon and fork and getprint $d->url and exit;#spider
    ($c = $d->accept())->get_request(); $c->send_response( new #in the
    HTTP::Response(200,$_,$_,qq(Just another Perl hacker\n))); ' # web
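The points raised in the reply above (explicit-mode open() for the log, a bound on connected clients, a bound on how much one client can make the server relay), sketched as an added example that is not code from the thread. The port, bind address, limits and log file name are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;

# Assumed values for this sketch, not taken from the thread.
my $MAX_CLIENTS = 50;         # caps the fan-out cost of every relayed message
my $MAX_READ    = 512;        # bytes accepted from one client per read
my $LOG_FILE    = 'chat.log';

$SIG{PIPE} = 'IGNORE';        # a vanished client must not kill the server

# Three-argument open with an explicit mode: the name is only ever a file
# name, never a pipe or shell command as two-argument open() permits.
open(my $log, '>>', $LOG_FILE) or die "cannot open $LOG_FILE: $!";
$log->autoflush(1);

my $listen = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1', LocalPort => 4000, Listen => 10, ReuseAddr => 1,
) or die "cannot listen: $@";
my $sel = IO::Select->new($listen);

while (1) {
    for my $fh ($sel->can_read) {
        if ($fh == $listen) {
            my $client = $listen->accept or next;
            # count() includes the listener; refuse rather than grow unbounded.
            if ($sel->count > $MAX_CLIENTS) { close $client } else { $sel->add($client) }
            next;
        }
        # Bounded read: at most $MAX_READ bytes per client per pass.
        my $n = sysread($fh, my $buf, $MAX_READ);
        if (!$n) { $sel->remove($fh); close $fh; next }   # EOF or error

        # $buf stays tainted under -T, but it only reaches print/syswrite, never
        # open() or system(). Control bytes are dropped: one log record per line.
        (my $msg = $buf) =~ tr/\x20-\x7e//cd;
        next unless length $msg;
        print {$log} scalar(localtime), ' ', ($fh->peerhost || '?'), ": $msg\n";
        for my $out ($sel->handles) {
            next if $out == $listen || $out == $fh;
            syswrite($out, "$msg\n");
        }
    }
}
```

Run it as `perl -T chat.pl`. The writes here are blocking, so a client that stops reading can still stall the loop; the process ulimits mentioned in the reply remain the outer bound on descriptors.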