comment on

I can't imagine anyone actually providing a direct portal to files via a form.

There have been two recent cases on this site where someone has linked to code they've inherited/written that has done this (and more). Luckily, in both cases they were very open to suggestions and took the code down immediately and went off to learn more about security.

anyone who does anything in CGI should study the topic very closely before they use a script anyway.

Should and do are two very different things. It's no secret that many people first come into contact with Perl by trying to write a script for their website. Saying "well you should have studied security" after the fact is of little use. The more that is written on the subject, and the more commonplace it becomes, the better.

In reply to Re: Re: Hacking CGI - security and exploitation by cjf
in thread Hacking CGI - security and exploitation by IlyaM

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.