in reply to Re: CGI::Application and CGI security
in thread CGI::Application and CGI security

Mostly I've placed it immediately beneath the use statements. It seems the most logical place. Ovid says to use them before you create a new CGI object. I don't know when CGI::Application does this, though my guess is that C::A doesn't create a CGI object until a query is requested. I do know that if used too late, the statements can't provide the intended protection.
  • Comment on Re^2: CGI::Application and CGI security

Replies are listed 'Best First'.
Re^3: CGI::Application and CGI security
by dragonchild (Archbishop) on Jun 30, 2004 at 15:55 UTC
    I do know that if used too late, the statements can't provide the intended protection.

    So, create a test that sees if the protection is there, verify that the test works by not having those statements, then put them in various places until you see the desired results.

    A neat side-benefit is that if you incorporate that test into your test-suite, you have a good security-related test for future reference.

    ------
    We are the carpenters and bricklayers of the Information Age.

    Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose

    I shouldn't have to say this, but any code, unless otherwise stated, is untested

[reply]

In Section Seekers of Perl Wisdom