in reply to CGI.pm vs no CGI.pm
newrisedesigns hands FireBird34 a copy of CGI Programming with Perl
I don't mean to be harsh, but why would you ever avoid using something that could save you a lot of headaches and unforeseen problems? If you use taint and CGI, you'll be saving yourself from errors and bugs that you might not have ever expected. How's that possible, you ask? Lincoln Stein and his buddies keep CGI updated, so it will always be secure (as long as you download the upgrades, that is). Mr. Stein even has some information online that answers your question.
I will admit, I've written some programs that don't use CGI.pm. Actually, I think I used only one of those in the real world, and it's a "random text generator" that's fed through SSI, so it needs to have a header. I used print to generate the header, instead of the header() function in CGI. Why? Using a module was overkill. However, I have another small program on my website that accepts a POST with a little bit of text in it. This text is then stored on my server and displayed when a page request is made. I used CGI.pm for that 20-liner; there was no doubt in my mind that it was needed. By accepting any input, I leave myself vulnerable to all sorts of attacks, especially if I forgot to check for something in my regexp.
By not using CGI, you make yourself a target. In the workplace, an employer pays its programmers to produce reliable code, not experiment in new ways to pull apart a query string or patch old code because security holes were found.
John J Reiser
newrisedesigns.com
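An added illustration of the point above, not code from the post or from CGI.pm's own documentation: a hand-rolled query-string parser beside CGI.pm, run under taint mode. The query string is constructed for the example and the untaint pattern is an assumption about what the stored text may contain.

```perl
#!/usr/bin/perl -T
# Run as: perl -T this_script.pl   (the -T must be on the command line too)
use strict;
use warnings;
use CGI;

# The kind of parser the post warns against: it never decodes %XX escapes
# or '+', and a repeated key silently keeps only the last value.
sub naive_parse {
    my ($qs) = @_;
    my %p;
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        $p{$k} = $v;
    }
    return \%p;
}

# Constructed request, delivered through the environment exactly as a
# web server would hand a GET request to a CGI script.
my $query = 'name=John+J+Reiser&tag=a%26b&tag=second';
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING}   = $query;

my $naive = naive_parse($query);
print "naive name: $naive->{name}\n";   # John+J+Reiser  ('+' not decoded)
print "naive tag:  $naive->{tag}\n";    # second         (first value lost)

my $q = CGI->new;
print "CGI.pm name: ", scalar $q->param('name'), "\n";             # John J Reiser
print "CGI.pm tags: ", join(',', $q->multi_param('tag')), "\n";    # a&b,second
# (multi_param needs CGI.pm 4.08 or later; older versions return all
#  values from param() in list context.)

# Under -T every parameter is tainted: it cannot reach a filename, a shell
# or a system call until a regex capture explicitly validates it.
my $raw = $q->param('name');
my ($safe) = $raw =~ /^([\w ]{1,40})$/;   # untaint: word characters and spaces only
die "rejected input\n" unless defined $safe;
print $q->header('text/plain'), "stored: $safe\n";
```

Dropping the untaint line makes Perl refuse any later open() or system() on $safe, which is the "errors you never expected" safety net the post refers to.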
Re: Re: (nrd) CGI.pm vs no CGI.pm
by FireBird34 (Pilgrim) on Oct 30, 2002 at 21:57 UTC