in reply to (jcwren) Re: A rumination on finding secure scripts, versus rolling-your-own
in thread A rumination on finding secure scripts, versus rolling-your-own

I think you make really good points here, not least because most of what you say has been running through my mind too.

There is one thing I can contribute: there *are* tools out there that allow common attacks to be run against URLs, Nessus and Saint being two that I've used.

Is it comprehensive? No. Does it make your script safer? No, not really. It just checks for common attacks; it can't be an exhaustive check, for obvious reasons.

Other than that, paranoia is always a virtue when writing a CGI app ;o). I've found that one out the hard way.

Finally, a question: I still don't understand why/if taint mode is necessary when a parameter value is used internally. For example, if you're not passing input into system(), exec() or similar nasties, what is the worst that could happen?

Always on the lookout for ways to make my scripts more secure... :o)
tinman


Re (tilly) 3: A rumination on finding secure scripts, versus rolling-your-own
by tilly (Archbishop) on Mar 30, 2001 at 04:50 UTC
    As perlsec points out, internal data can be tainted without danger. However, before it gets near the shell, it is important that it be validated. The entire point of taint mode is to guarantee that you don't forget to do that, ever.
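    An added example (not tinman's or tilly's code) of the distinction tilly draws: a script run under -T where a tainted parameter used only internally is harmless, the same value handed to system() dies before the command starts, and a regex capture is what lets a validated copy through. The report-name parameter, the allowlist of names and the echo command are assumptions for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): how -T treats a CGI-style parameter
# that is only used internally versus one that reaches the shell.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# perlsec housekeeping: a tainted PATH would itself make system() die.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed input: command-line arguments are tainted under -T, just
# like CGI parameters, %ENV and anything read from a file handle.
my $param = $ARGV[0] // die "usage: perl -T $0 <report-name>\n";
printf "tainted: %s\n", tainted($param) ? 'yes' : 'no';

# 1. Internal use only: comparing, hashing and printing tainted data is
#    allowed, so this part of a script needs no untainting at all.
my %known = map { $_ => 1 } qw(report-2001-03 report-2001-04);   # assumed names
print $known{$param} ? "known report\n" : "unknown report\n";

# 2. The same value reaching the shell: perl dies with "Insecure
#    dependency in system while running with -T switch" before the
#    command is ever started. This is the forgotten check that -T catches.
eval { system("echo report: $param"); 1 }
    or print "blocked by taint mode: $@";

# 3. The only way through is explicit validation. A regex capture is how
#    Perl records that the value was checked; keep the pattern an allowlist
#    of what a report name may contain, not a blocklist of shell characters.
if ($param =~ /\A([A-Za-z0-9_-]+)\z/) {
    my $clean = $1;                        # captured text is untainted
    system('echo', "report: $clean");      # list form: no shell involved
} else {
    die "rejected parameter: not a valid report name\n";
}
```

    Run it as `perl -T taint_demo.pl report-2001-03` (the file name is hypothetical); the `-T` on the command line matters, because a script started as plain `perl taint_demo.pl` with `-T` only on the shebang line stops with "Too late for -T".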