in reply to CGI Password
If you enter a valid password, the following is output:#!/usr/bin/perl -wT use strict; use CGI::Pretty qw( :standard ); my ( $p, $password ); $p="howdy"; $password=param('password'); ' Here's where we taint check. $password is undef ' if it doesn't match the regex ( $password ) = ( $password =~ /^(\w+)$/ ); if (defined $password and $p eq $password) { print header, start_html( -title => 'Password Check', -BGCOLOR => 'navy', -text => 'white' ), h1( 'It worked' ), hr(), br(), end_html; } else { print header, start_html( -title => 'Password Check', -BGCOLOR => 'orange' ), h1( 'Loser -- Try Again' ), hr(), br(), end_html; }
Once you get used to them, they are very handy.<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US"><head><title>P +assword Check</title> </head><body text="white" bgcolor="navy"> <h1> It worked </h1> <hr><br></body></html>
Incidentally, anyone know why <hr> and friends aren't represented as <hr />? I thought those were necessary for valid XHTML (though I know this is transitional, I still thought it was done that way). I am using CGI.pm 2.74.
You questions were:
Read perlre. You can also read through <shameless plug>this incomplete CGI course</shameless plug> for more information on security.
No. It's a bad security model. See link in question #1 for more info.
Read the link that tinman listed. It looked pretty good (though I just scanned it, so take me with a grain of salt).
Cheers,
Ovid
Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.
|
|---|