in reply to Re^2: Am I asking for trouble using Crypt::OpenPgp this way?
in thread Am I asking for trouble using Crypt::OpenPgp this way?

Well, the weakest part in the chain would probably be the authentication on the CGI script, since unless you're using ssl the HTTP request itself is not encrypted. (I don't suppose you want just anyone to post stuff to the CGI?)

It's probably a minor issue, but it could open you up to relatively easy DDOS attacks (depending on the maximum size of the posted data, which IP addresses you allow to connect, etc)

"What should it profit a man, if he should win a flame war, yet lose his cool?"
  • Comment on Re^3: Am I asking for trouble using Crypt::OpenPgp this way?

Replies are listed 'Best First'.
Re^4: Am I asking for trouble using Crypt::OpenPgp this way?
by boat73 (Scribe) on Feb 02, 2005 at 15:05 UTC
    Thanks again for the input. You have greatly added to my peace of mind. We have methods in place within the cgi so that the data posted will not make it far unless it is in the correct format.
[reply]

In Section Seekers of Perl Wisdom