in reply to
UberSecure v1.5.2 comments
in thread html/file security cgi [revisited]
Hello, just a few suggestions to help you improve upon this code:
- use CGI or die; - A few reasons why you should use the CGI.pm module instead of rolling your own.
- Using strict.pm will save you a lot of time down the road.
- As I pointed out earlier, make sure to read up on security. If you only remember one thing, make sure it's Don't Trust User Input.
- Add the -w flag (or use warnings;) to enable warnings. They'll help you catch silly mistakes and reduce your debugging time.
For added points, remove the "Do not edit without permission." statement. If you're posting code to get advice on how to improve it, the least you can do is allow others to use and modify it.
Other minor annoyances:
- The title - "UberSecure" this script isn't. Not by any stretch of the imagination. When you're learning and unsure of a script's quality, better to stick with a different title.
- Version number - I'm curious where "Version 1.5.2" came from. This number shouldn't just be picked out of the air, it should be representative of the stability of the code. Read the Software Release Practice HOWTO for more details on good release practices.
Hope this helps and best of luck with your future postings :).