This would be a "classic" Perl application. There are a lot of scripts floating around out there of this type. However, not all of them are built with an eye toward security. Some points to look for in a script (or to include in your own) are the -T flag on the line (called shebang) that invokes Perl at the beginning:

#!/usr/bin/perl -wT

The T invokes "taint" mode, which prevents you from using user-supplied values in a dangerous way without first "purifying" them.

The w, which I added as well, turns on extra warnings from the compiler, which will facilitate debugging. (On a finished program, this flag would be less important.)

Any program that's going to be used in a web (CGI) environment ought to use the CGI module: use CGI;. This module has been written to take care of major security issues, and is constantly being updated to protect against new exploits.

Finally, it is extremely helpful to add use strict; at the top of your program. This enforces the use of good programming practice (within limits).

The Web Techniques columns by our own merlyn should give you more ideas.


In reply to Re: Is Perl a good language to use to create online forums by mpolo
in thread Is Perl a good language to use to create online forums by hush04
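The three points above (taint mode, the CGI module, and use strict) put together in one small forum-style CGI script. This is an added example, not mpolo's code or anything from the thread: the post directory /var/www/forum/posts and the "id" parameter name are assumptions chosen for the illustration, and use warnings stands in for the -w switch.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post): a minimal taint-mode CGI script
# that shows a stored forum post.  Assumes CGI.pm is installed and that posts
# live as plain-text files under /var/www/forum/posts (hypothetical path).
use strict;
use warnings;
use CGI;

# Under -T the environment is tainted too.  Set PATH explicitly and drop the
# variables the shell would honour, as perlsec recommends, before anything
# could ever reach an external command.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $q = CGI->new;

# Every value from the client is tainted: Perl refuses to use it in a file
# name, system(), eval or similar until it has been "purified" by a regex
# capture.  That forces the programmer to state what a valid value looks like.
my $raw_id = $q->param('id') // '';

# Untaint by matching an explicit allow-list (a short, all-digit id).
# The captured $1 is untainted; anything that does not match is rejected.
my ($post_id) = $raw_id =~ /\A(\d{1,8})\z/
    or do {
        print $q->header(-status => '400 Bad Request'),
              $q->start_html('Bad request'),
              $q->p('Invalid post id'),
              $q->end_html;
        exit;
    };

my $posts_dir = '/var/www/forum/posts';     # assumed location
my $path      = "$posts_dir/$post_id.txt";  # built only from untainted data

open my $fh, '<', $path
    or do {
        print $q->header(-status => '404 Not Found'),
              $q->start_html('Not found'),
              $q->p('No such post'),
              $q->end_html;
        exit;
    };
my $body = do { local $/; <$fh> };
close $fh;

# Escape on output so stored text cannot inject markup into the page.
print $q->header(-type => 'text/html', -charset => 'UTF-8'),
      $q->start_html("Post $post_id"),
      $q->pre($q->escapeHTML($body)),
      $q->end_html;
```

If the untaint regex is left out and $raw_id is used in the open() directly, taint mode aborts the script with "Insecure dependency in open while running with -T switch", which is exactly the protection the post describes: the check has to be written before the value can be used. Note that Perl insists the -T switch also appear on the command line when the script is started by hand (perl -T script.cgi); when the web server runs it via the shebang line, the switch is picked up from there.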
