in reply to Perl, CGI, and Security

I didn't see you mention -T in this post; I hope you will be covering it. I'd be interested in helping you at some point, as there is a decent chunk of security for CGI in the book I have been working on.
As far as examples, well, you can surely find some (many of which would be fixed by using -T and Untaint.pm) out there, or use examples which have been known, and are now fixed (finger, wwwboard (ick), etc...).

Cheers,
KM

(Ovid) RE(2): Perl, CGI, and Security
by Ovid (Cardinal) on Aug 15, 2000 at 21:05 UTC
    Oops. I realize that I should have been more clear on that. I alluded to it a couple of times, but did not explicitly spell it out. Taint checking is of course one of the most important elements of CGI security and that's one of the ones that I intend to focus on quite heavily.

    My biggest concern now is that I just got a new job doing Perl and I am still finishing up another project for Special Olympics, so I am hoping to find the time to dedicate to this project so it doesn't drag out for two years. Aaargh!! Too much to do in my life.

    Cheers,
    Ovid