in reply to RE: A call for help from fellow Monks!
in thread A call for help from fellow Monks!

You have an excellent point about needing to understand CGI to understand security, but that's only part of the problem. A common exploit is using someone's dangerous script to mail the cracker a copy of the /etc/passwd file (and why weren't they using shadow passwords in the first place? But that's another issue). That's an OS and programming issue and not necessarily a CGI vulnerability. An understanding of race conditions, OS vulnerabilities and the "cracker mindset" should also be dealt with and these are not necessarily CGI issues.

I am rather conflicted as to the placement of the security section, but at the very least, a brief overview of security should be near the start of the tutorial with an explanation of why it is so important. Then, have security "checkpoints" throughout the tutorial to show possible exploits. It's too serious of an issue to not deal with up front.

Cheers,
Ovid

RE: (Ovid) RE(2): A call for help from fellow Monks!
by royalanjr (Chaplain) on Aug 08, 2000 at 00:15 UTC
    Security "checkpoints"; I like that *grin*

    I see your point; weaving security throughout the tutorial would strengthen it, rather than just a single spot.

    Roy Alan