Thanks blue_cowdawg for your lengthy answer. There is so much to learn about Unix, servers, permissions, etc.
I've been using CGI::Application::Plugin::Config::Simple to read in my parameters. But tirwhan has me nervous about storing those logins at all.
Data validation ...
Thanks, I'm validating and untainting everything!
File uploads Treat with care.
I've been validating type, size, and then using CGI upload for this. Any other caveats?
Injection attacks...
Using placeholders for everything (I've been a monk long enough to never go without these)
Remote executions Web applications that allow random users to execute things
Do you have an example of this? I don't *think* I'm doing this.
—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.