in reply to secure CGI: books and examples?

You have the right ideas in general, which is good to hear for once. Ovid has a great CGI course which covers security in detail, and should be refered to if needed.

A thing to keep in mind is that you shouldn't be looking for dangerous things to strip out of input, you should be looking for safe things to keep. You should be using secure protocols, as you mentioned. http://nms-cgi.sourceforge.net/ is a good place to look at secure drop in replacements for the insecure scripts that populate the web. merlyn's WebTechniquescolumn is ver useful, and discusses the secure use of cookies, amongst other things.

Hope these things are useful.

Cheers,
Erik

Replies are listed 'Best First'.
Re: Re: secure CGI: books and examples?
by jsprat (Curate) on Apr 23, 2002 at 18:58 UTC
    Excellent references. Here's a couple more: Lincoln Stein (author of CGI.pm) maintains a CGI-centric site here and more general info here. Hosted at w3.org, so I trust it;)
[reply]

In Section Seekers of Perl Wisdom