in reply to Re: Am I asking for trouble using Crypt::OpenPgp this way?
in thread Am I asking for trouble using Crypt::OpenPgp this way?

Thanks for the responses. I am actualy reading in the text from a file then posting the encrypted data to a cgi on my web server.
  • Comment on Re^2: Am I asking for trouble using Crypt::OpenPgp this way?

Replies are listed 'Best First'.
Re^3: Am I asking for trouble using Crypt::OpenPgp this way?
by Joost (Canon) on Feb 02, 2005 at 14:52 UTC
    Well, the weakest part in the chain would probably be the authentication on the CGI script, since unless you're using ssl the HTTP request itself is not encrypted. (I don't suppose you want just anyone to post stuff to the CGI?)

    It's probably a minor issue, but it could open you up to relatively easy DDOS attacks (depending on the maximum size of the posted data, which IP addresses you allow to connect, etc)

    "What should it profit a man, if he should win a flame war, yet lose his cool?"
[reply]
      Thanks again for the input. You have greatly added to my peace of mind. We have methods in place within the cgi so that the data posted will not make it far unless it is in the correct format.
[reply]

In Section Seekers of Perl Wisdom