in reply to Re^2: CGI::Application and CGI security
in thread CGI::Application and CGI security

I do know that if used too late, the statements can't provide the intended protection.

So, create a test that sees if the protection is there, verify that the test works by not having those statements, then put them in various places until you see the desired results.

A neat side-benefit is that if you incorporate that test into your test-suite, you have a good security-related test for future reference.

------
We are the carpenters and bricklayers of the Information Age.

Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose

I shouldn't have to say this, but any code, unless otherwise stated, is untested

  • Comment on Re^3: CGI::Application and CGI security

In Section Seekers of Perl Wisdom