
Don't Trust The Client - Re: Security with open() in CGI scripts

by metadoktor (Hermit)
on Feb 26, 2002 at 07:10 UTC (#147497)


in reply to Security with open() in CGI scripts

In general, do not accept any input from the client (compare whatever you receive against an internal list of what is acceptable), but if you have to accept input from the client then make sure that it conforms to the kind of data that you are expecting... so make sure it doesn't exceed a certain length, that it doesn't have strange characters, that it has the proper order of chars, etc.

Some classic documents about computer security:

W3 Security FAQ by Lincoln Stein and John Stewart

Secure Programming Checklist by Simson Garfinkel and Gene Spafford

Perl CGI Problems in Phrack Magazine, Vol 9, Issue 55 by Rain Forest Puppy

metadoktor

"The doktor is in."
