I think Merlyn's suggestion is well-said: filter by what is allowed... but I, too, have wondered the same thing. Given that you have a CGI that (as Gryphaan said) performs no system calls of any kind, and that the only allowed communication outside the script is through a (presumably already named) plain text file, what sort of vulnerabilities could this program possibly have? Sure, there are system-wide security measures to be taken: holes to patch through the OS, the web server, the file system, the router and so on, but that's beyond the scope of the question. I guess it all boils down to this: given this set of assumptions, is there anything at all to worry about? Or is fear of the bogeyman hacker nothing more than hypochondria?
Gary Blackburn
Trained Killer