Re: clean up/professionalism

thanks for the feedback...i'm going to check the security aspect first, then spend the rest of the time documenting. any comments as to common security mistakes would be appreciated. thanks, malaga

Comment on Re: clean up/professionalism

Replies are listed 'Best First'.
Re: Re: clean up/professionalism by arturo (Vicar) on Feb 13, 2001 at 18:48 UTC
If you can make sure the script runs under taint mode (it isn't just for CGIs!), then you've taken a significant step towards making your script secure. Taint mode (-T on the command or '#!' line) isn't a magic bullet, though. It can stop you from making some subtle mistakes, like using unexamined user input in `eval` or system (not just `system`) calls. See `perldoc perlsec` for more. Philosophy can be made out of anything. Or less -- Jerry A. Fodor	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re: Re: clean up/professionalism
by arturo (Vicar) on Feb 13, 2001 at 18:48 UTC

If you can make sure the script runs under taint mode (it isn't just for CGIs!), then you've taken a significant step towards making your script secure. Taint mode (-T on the command or '#!' line) isn't a magic bullet, though. It can stop you from making some subtle mistakes, like using unexamined user input in eval or system (not just system) calls. See perldoc perlsec for more.

Philosophy can be made out of anything. Or less -- Jerry A. Fodor

[reply]
[d/l]
[select]