in reply to is this script secured enough from internet attacks

If not quite insecure in and of itself, use CGI::Carp qw/fatalsToBrowser/; in production code is potentially helpful to an attacker.

In production use, you don't need to give away the information about why the iteration failed. Log it, but don't tell the attacker something that may provide insight into your security efforts.
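
One way to follow the "log it, but don't tell the attacker" advice above, as an added example that is not code from the original thread. `run_request()`, its failure message and the reference-id scheme are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Carp;    # no fatalsToBrowser: warn/die text is timestamped and
                  # written to STDERR (the server error log), not the page

my $q = CGI->new;

# Hypothetical stand-in for the script's real work. The message is a
# constructed sample of detail that should stay out of the response.
sub run_request {
    my ($cgi) = @_;
    die "query failed: unknown column 'passwd' in table 'users'\n";
}

# Trap any fatal error instead of letting it reach the client.
my $ok = eval { run_request($q); 1 };

unless ($ok) {
    my $err = $@ || 'unknown error';

    # Collapse line breaks so one failure is one log line and request
    # data echoed into the message cannot forge extra log entries.
    $err =~ s/[\r\n]+/ /g;

    # Random reference shown to the user and written to the log, so a
    # support request can be matched to the full detail server-side.
    my $ref = sprintf '%08x', int( rand( 2**32 ) );

    # Full detail goes to the error log only.
    warn "[ref $ref] $err\n";

    # The client sees a generic message and the reference, nothing else.
    print $q->header(
        -status  => '500 Internal Server Error',
        -type    => 'text/plain',
        -charset => 'utf-8',
    );
    print "An internal error occurred. Reference: $ref\n";
}
```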

Re^2: is this script secured enough from internet attacks
by tercoz (Acolyte) on Nov 01, 2011 at 04:31 UTC
    Indeed, I saw many examples where I could get the fields of a database because they were shown in the CGI:fatalsToBrowser message. Got to be careful next time.