in reply to Removing malicious HTML entities (now with more questions!)

How safe do you want it to be? For example, if you use http (instead of https) the password will be sent unencrypted over the internet. Not particularly safe :-) It depends on your requirements.

With respect to your last question, if somebody can read the file he can obviously intercept the credentials. You have to think about file permissions and where to put what file.

See for example CGI Programming with Perl, 2nd Edition, Chapter 8 Security.

Re^2: Removing malicious HTML entities (now with more questions!)
by Lawliet (Curate) on Aug 16, 2008 at 12:19 UTC

    There are no passwords. By 'safe', I meant 'unable to be exploited' (leading to me replacing html markup).

    Regarding the interception discussion, what methods could the user use? The only thing I can think of is downloading the cgi file through the use of wget (or anything, really). Then open and read.

    Update: Never mind, that method does not work. It downloads the html the cgi file outputs. But what other ways were you referring to?

    I'm so adjective, I verb nouns!

    chomp; # nom nom nom

      See the link I provided, and also see Hacking CGI. Just Google or Super Search the Monastery.

        Already am and will do.

        I'm so adjective, I verb nouns!

        chomp; # nom nom nom