in reply to Not working in IIS and it is very Insecure

Hi,

Yes, knowing that it's insecure is no excuse, fix it!

Besides the fact that the connection data shouldn't be in the CGI script itself, it should be read from a configuration file; that it's better to use RaiseError so that you don't need to check every time if something went wrong in the last query; that you should use the CGI module for getting the parameters, etc... using that way of handling input will soon bring you problems with SQL injection, see placeholders in the DBI module. Take a look at the code itself, because this while doesn't make much sense...

Regards,

fmerges at irc.freenode.net
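
The points in the reply above (connection data read from a configuration file, RaiseError, the CGI module, DBI placeholders) combined into one script, as an added example that is not code from this thread. The in-memory SQLite DSN, the `users` table, the `read_config` helper and the sample request are assumptions chosen so it runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;   # CPAN module (not bundled with Perl since 5.22)
use DBI;   # this demo assumes DBD::SQLite; change the DSN for your driver

# Constructed sample config; in production this is a file outside the web root.
my $sample_conf = "# db settings\ndsn=dbi:SQLite:dbname=:memory:\nuser=\npass=\n";

# Hypothetical helper: parse key=value lines from a filehandle into a hash.
sub read_config {
    my ($fh) = @_;
    my %conf;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(#|$)/;          # skip comments and blank lines
        my ($k, $v) = split /=/, $line, 2;     # limit 2: the DSN contains '='
        $conf{$k} = $v // '';
    }
    return \%conf;
}

open my $fh, '<', \$sample_conf or die "config: $!";   # in-memory file for the demo
my $conf = read_config($fh);
close $fh;

# RaiseError makes every failed DBI call die, so no per-query error checks.
my $dbh = DBI->connect($conf->{dsn}, $conf->{user}, $conf->{pass},
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed table and rows.
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->do('INSERT INTO users (name) VALUES (?)', undef, $_) for qw(alice bob);

# Constructed request: CGI->new accepts a query string, so this runs offline.
# A deployed script calls CGI->new with no argument.
my $q    = CGI->new('name=alice%27+OR+%271%27%3D%271');
my $name = $q->param('name') // '';

# The value is bound as data, never interpolated into the SQL text.
my $sth = $dbh->prepare('SELECT id, name FROM users WHERE name = ?');
$sth->execute($name);
my $rows = $sth->fetchall_arrayref;

print $q->header('text/plain');
printf "matched %d row(s) for name=%s\n", scalar @$rows, $name;
$dbh->disconnect;
```

Because the parameter is bound through the `?` placeholder, the quote characters in the constructed request are compared as a literal name and no row matches.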

Re^2: Not working in IIS and it is very Insecure
by raviguhani (Initiate) on Aug 19, 2007 at 18:26 UTC
    Thank you very much. I am searching for some tutorial on security regarding CGI scripts, and on the code part... as you can see I am very new to Perl, I am reading some header commands... I will definitely improve it...

      Obligatory link to Ovid's CGI Course, which is as much about basic security as CGI.

      How can you feel when you're made of steel? I am made of steel. I am the Robot Tourist.
      Robot Tourist, by Ten Benson