You have an excellent point about needing to understand CGI to understand security, but that's only part of the problem. A common exploit is using someone's dangerous script to mail the cracker a copy of the /etc/passwd file (and why weren't they using shadow passwords in the first place? But that's another issue). That's an OS and programming issue and not necessarily a CGI vulnerability. An understanding of race conditions, OS vulnerabilities, and the "cracker mindset" should also be dealt with, and these are not necessarily CGI issues.
I am rather conflicted as to the placement of the security section, but at the very least, a brief overview of security should be near the start of the tutorial with an explanation of why it is so important. Then, have security "checkpoints" throughout the tutorial to show possible exploits. It's too serious of an issue to not deal with up front.
Cheers,
Ovid
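As an added example (not code from Ovid's post), this is the kind of "dangerous script" the reply alludes to: a CGI form handler that pipes a user-supplied address into sendmail, shown next to a hardened version that validates the input and avoids the shell. The form field name `email` and the `/usr/sbin/sendmail` path are assumptions.

```perl
#!/usr/bin/perl -T
# Added example: the "mail the cracker /etc/passwd" class of CGI bug,
# as the unsafe pattern beside a hardened form. Assumes a form field
# named "email" and sendmail at /usr/sbin/sendmail.
use strict;
use warnings;
use CGI qw(param);

my $email = param('email') // '';

# UNSAFE (not called; shown for contrast): the two-argument pipe open hands
# the command line to the shell, so shell metacharacters in $addr let a
# visitor run arbitrary commands as the web server user. Under -T, Perl
# refuses this open with "Insecure dependency" because $addr is tainted;
# without -T it runs as written.
sub send_confirmation_unsafe {
    my ($addr) = @_;
    open(my $mail, "|/usr/sbin/sendmail $addr") or die "sendmail: $!";
    print $mail "Subject: Thanks\n\nYour form was received.\n";
    close $mail;
}

# HARDENED: a strict allowlist regex (which also untaints under -T) and the
# list form of open, so no shell is involved at all.
sub send_confirmation_safe {
    my ($addr) = @_;
    # Conservative allowlist: must start with a word character so the address
    # can never be mistaken for a sendmail option, no spaces, no shell
    # metacharacters. Reject anything else instead of trying to clean it.
    my ($clean) = $addr =~ /^(\w[\w.+-]*@[\w-]+(?:\.[\w-]+)+)\z/
        or die "Rejected address\n";
    # List-form open: each element is one argv entry, no shell parsing.
    open(my $mail, '|-', '/usr/sbin/sendmail', '-oi', $clean)
        or die "sendmail: $!";
    print $mail "To: $clean\nSubject: Thanks\n\nYour form was received.\n";
    close $mail or die "sendmail exited with status $?\n";
}

send_confirmation_safe($email);
```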