What do you mean by breaking into the system ? Do you mean through the network and you require SSL to be enabled for the user upload like Khen1950fx suggested ?
Or breaking into your box through some kind of injections?
You'll have to keep in mind while working that nothing will do the security checks for you, You'll have to do everything on your own.
Use catalyst if you want to build MVC based website, if you are not familiar with it or you don't want an MVC based web application then just use Template Toolkit and CGI::Application.
Normally for file upload you'll have to keep the uploaded file outside of your public_html folder (in the parent dir?) so it's not web accessible, and you should have suexec enabled webserver so your perl script run with your username not the webserver's username, then you'll have to change the permission of the file(s) so only your website user can read it.
for the download you can make a script that will take care of this using a database where only authenticated users can download their own files.
finally, if you do care too much about your web application getting cracked you might consider hiring a security consultancy to check out your web application (although they might not be perfect on their own, but they may be able to eliminate few exploits).
In reply to Re: Catalyst or other frameworks in a security critical context
by ahmad
in thread Catalyst or other frameworks in a security critical context
by ArgusM
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |