in reply to Perl, CGI, and Security

I'll be happy to perform a "security audit" on any code you post. Just drop me some email when you've got it done.

As an example, you'd not be burned by the "caret in the shell" problem if you just avoid sending any user input anywhere near a shell! As soon as you are looking for specific "bad characters", you've already lost the game. The shell is just too durn flexible. {grin}

-- Randal L. Schwartz, Perl hacker

(Ovid) RE(2): Perl, CGI, and Security
by Ovid (Cardinal) on Aug 14, 2000 at 04:18 UTC
    Thanks for the offer. I appreciate it.

    Yeah, my comment about checking for a caret was pretty stupid. One of the security points that I want to harp on is that it is much safer to specify what you will allow as opposed to what you won't allow. All it takes is for the programmer to miss one naughty character and the game could be up.

    Cheers,
    Ovid
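An added example that is not code from either poster, showing both points made above in Perl CGI: keep user input away from the shell entirely (Randal), and specify what you will allow rather than hunting for bad characters (Ovid). It assumes a hypothetical CGI parameter `term` and a hypothetical log path `/var/log/app.log`.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): a hypothetical CGI that greps a log
# file for a user-supplied search term, in a shell-interpolating form and a
# form that never lets the input reach a shell.
use strict;
use warnings;
use CGI qw(param);

$ENV{PATH} = '/bin:/usr/bin';   # taint mode (-T) requires a trusted PATH before exec

my $term = param('term') // '';

# BAD: the term is interpolated into a command string, so the shell parses it.
# Stripping "bad characters" here is the losing game described above: quotes,
# backticks, $(...), pipes, newlines and more would all have to be caught.
sub grep_via_shell {
    my ($t) = @_;
    return `grep -- '$t' /var/log/app.log`;   # the shell sees the whole string
}

# GOOD, step 1: allow-list. Accept only the characters a search term needs and
# reject everything else outright; nothing is enumerated as "bad".
sub validated_term {
    my ($t) = @_;
    return unless $t =~ /\A([A-Za-z0-9_.@-]{1,64})\z/;
    return $1;   # the capture is untainted, which -T demands before exec
}

# GOOD, step 2: never hand the value to a shell. The list form of a pipe open
# passes each argument directly to grep via execve, so no quoting is interpreted.
sub grep_without_shell {
    my ($t) = @_;
    open(my $fh, '-|', 'grep', '--', $t, '/var/log/app.log')
        or die "cannot run grep: $!";
    my @lines = <$fh>;
    close $fh;
    return @lines;
}

my $safe = validated_term($term);
print "Content-Type: text/plain\r\n\r\n";
if (defined $safe) {
    print grep_without_shell($safe);
} else {
    print "Invalid search term\n";
}
```

Running under `-T` turns the allow-list into a hard requirement: Perl refuses to start grep with a tainted argument, so forgetting the validation step fails loudly instead of silently.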