Re: CGI::Application and CGI security

What have you tried? I personally would put them right after the 'use CGI::Application;' line, but I haven't tested that.

------
We are the carpenters and bricklayers of the Information Age.

Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose

I shouldn't have to say this, but any code, unless otherwise stated, is untested

Comment on Re: CGI::Application and CGI security

Replies are listed 'Best First'.
Re^2: CGI::Application and CGI security by Anonymous Monk on Jun 30, 2004 at 15:24 UTC
Mostly I've placed it immediately beneath the use statements. It seems the most logical place. Ovid says to use them before you create a new CGI object. I don't know when CGI::Application does this, though my guess is that C::A doesn't create a CGI object until a query is requested. I do know that if used too late, the statements can't provide the intended protection.	[reply]
Re^3: CGI::Application and CGI security by dragonchild (Archbishop) on Jun 30, 2004 at 15:55 UTC
I do know that if used too late, the statements can't provide the intended protection. So, create a test that sees if the protection is there, verify that the test works by not having those statements, then put them in various places until you see the desired results. A neat side-benefit is that if you incorporate that test into your test-suite, you have a good security-related test for future reference. ------ We are the carpenters and bricklayers of the Information Age. Then there are Damian modules.... sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon.* - flyingmoose I shouldn't have to say this, but any code, unless otherwise stated, is untested	[reply]