As stated earlier, taint mode is about the easiest way to help you pinpoint bad data. Regex is the best way to untaint it; just remember that your expression should state what you want to allow, not what you want to exclude. Always use strict.
Security is also a large part of the system administrator's job. So, for one, Apache should execute your CGI script as nobody. This will minimize the amount of damage that security holes may cause. Additionally, it's always a good idea to restrict access to your scripts so that they can only be executed from an allowed HTTP referer.
I suggest always trying it yourself first.... It's always a good learning experience, and then look at competitors' products; they may shed some light on how to improve and lock down security in your script.
Being concerned about security is always good. Remember that no script is perfect (especially when they are complex); the idea behind security is to minimize known risks and then to fix other risks as you find them. It's always a learning process.
Good Luck.
kha0z -- www.kha0z.net
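As an added example (not part of the post above), here is how taint mode and an allow-list untaint regex fit together in a CGI script; the form field name, the report directory and the sample inputs are assumptions:

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_demo.pl   (the -T must be on the command line too)
# Added example: untainting one CGI parameter under taint mode with an
# allow-list regex. Assumes a form field "report" naming a file that must
# live inside one fixed directory (both names are assumptions).
use strict;
use warnings;

# Taint mode refuses to run external commands with a tainted PATH, so set
# a fixed one and drop the other shell-sensitive variables first.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $REPORT_DIR = '/var/www/reports';    # assumed location

# Allow-list untaint: the pattern says what is permitted (letters, digits,
# underscore, hyphen, then ".txt"), anchored at both ends. Anything else,
# including "../" sequences, spaces and NUL bytes, simply fails to match.
# Returns the clean name, or undef if the input is rejected.
sub untaint_report_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    if ($raw =~ /\A([A-Za-z0-9_-]{1,64}\.txt)\z/) {
        return $1;    # a regex capture is what taint mode treats as clean
    }
    return undef;
}

# Contrast: s{\.\./}{}g is an exclude list. It only removes the one thing
# you thought of, and taint mode would still (rightly) mark the result clean.

# Constructed sample inputs standing in for CGI->param('report').
# In a real request the value is tainted; these literals are not, so the
# script runs from the command line without a web server.
my @samples = ('q1_sales-2003.txt', '../../secret.txt', "notes.txt\0", 'my report.txt');
for my $in (@samples) {
    my $name = untaint_report_name($in);
    if (defined $name) {
        my $path = "$REPORT_DIR/$name";
        print "accepted: $path\n";
        # open(my $fh, '<', $path) is now permitted under -T
    } else {
        (my $shown = $in) =~ s/\0/\\0/g;
        print "rejected: $shown\n";
    }
}
```

Only the first sample is accepted; the other three fail the anchored pattern without any per-case exclusion logic.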