PERL Security

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: PERL Security by duff (Parson) on Dec 09, 2003 at 00:34 UTC
Read perlsec. It's part of the standard perl distribution. Type "perldoc perlsec" at your shell prompt. PerlJam	[reply]
Re: PERL Security by rinceWind (Monsignor) on Dec 09, 2003 at 01:36 UTC
Try Ovid's CGI course. Lesson 3 contains an excellent section on why one shouldn't trust the shell with what the script been (directly) passed, and what damage a malicious user could do. By the way, it's perl or Perl, not PERL. -- I'm Not Just Another Perl Hacker	[reply]
Re: PERL Security by Zaxo (Archbishop) on Dec 09, 2003 at 00:37 UTC
`perldoc perlsec` comes with the perl distribution. After Compline, Zaxo	[reply]
•Re: PERL Security by merlyn (Sage) on Dec 09, 2003 at 11:09 UTC
I don't have anything on PERL security (not sure if that even exists), but I have an article on Perl (and `perl`) security at a recent SysAdmin column. I also talk a lot about security in general... you might google my columns for more information. -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]
Re: PERL Security by Anonymous Monk on Dec 09, 2003 at 01:00 UTC
Besides perlsec, are there any articles or publications from other sources? Thanks for the help.	[reply]
Re: PERL Security by matthewb (Curate) on Dec 09, 2003 at 07:31 UTC
Besides `perlsec`, the Camel has a chapter on security, although it covers the same ground. Perl.com ran an article last year called Preventing Cross-site Scripting Attacks, which pertains to the area of CGI security, as does the O'ReillyNet article Beware SQL Injection in Web Applications. Both of these should make interesting reading for you. Here are some more resources that I noticed are linked to from the Tutorials section of this site. Please do not be afraid to ask questions specific to the area you are dealing with - it is obviously very important for you to understand this stuff. MB Update: Here is another article of relevance from IBM DeveloperWorks, published in February 2004.	[reply] [d/l]
Re: PERL Security by jonnyfolk (Vicar) on Dec 09, 2003 at 10:22 UTC
And, of course, there's always Google ...	[reply]