in reply to Re: Re: A rumination on finding secure scripts, versus rolling-your-own
in thread A rumination on finding secure scripts, versus rolling-your-own

Fair enough but, on looking, the FAQ was written by Lincoln Stein and is here but, in his defence, Lincoln does recommend this in the FAQ :)

In his words... "More recently, Selena Sol has published an excellent article on the risks of installing pre-built CGI scripts, with much helpful advice on configuring and customizing these scripts to increase their security."

Replies are listed 'Best First'.
Re: Re: Re: Re: A rumination on finding secure scripts, versus rolling-your-own
by davorg (Chancellor) on Mar 30, 2001 at 17:25 UTC

    It's a well-written article, but with one major flaw. It discusses the problems of passing unchecked user data to shell commands, but doesn't mention taint mode which is there to prevent you doing just that.

    --
    <http://www.dave.org.uk>

    "Perl makes the fun jobs fun
    and the boring jobs bearable" - me
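
The taint-mode behaviour mentioned in the comment above, as an added example that is not part of the original thread: Perl run with `-T` refuses to pass unchecked input to a shell command, and accepts it only after it has been captured from a validating pattern. The sample inputs, the filename allowlist and the use of `/bin/echo` are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run this script with perl -T\n" unless ${^TAINT};
$| = 1;    # keep our output in order with the child process output

# Zero-length tainted string: anything derived from %ENV or $^X is tainted.
my $TAINT = substr(join('', $^X, values %ENV), 0, 0);

# Taint mode also refuses to run commands with an untrusted environment.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint only by capturing from an anchored allowlist pattern (assumed policy).
sub clean_filename {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Constructed samples standing in for a CGI form parameter.
for my $sample ('notes.txt', 'notes.txt; echo injected') {
    my $param = $sample . $TAINT;    # now tainted, like real CGI input
    printf "input %-28s tainted=%d\n", "'$param'", tainted($param) ? 1 : 0;

    # 1. Unchecked data in a shell command: Perl dies before the shell runs.
    my $ok = eval { system("echo $param"); 1 };
    print "  unchecked: ", ($ok ? "ran\n" : "blocked: $@");

    # 2. Validated data, passed as a list so no shell parses it.
    if (defined(my $file = clean_filename($param))) {
        system('/bin/echo', '  validated:', $file) == 0
            or warn "  echo failed: $?\n";
    } else {
        print "  validated: rejected by allowlist\n";
    }
}
```

Both samples are blocked in the unchecked call because taint tracks where the data came from, not what it contains; only the value that matches the allowlist reaches `/bin/echo`.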