PerlMonks  

Re: Re: Hacking CGI - security and exploitation

by cjf (Parson)
on Jun 24, 2002 at 21:07 UTC (#176943)


in reply to Re: Hacking CGI - security and exploitation
in thread Hacking CGI - security and exploitation

"I can't imagine anyone actually providing a direct portal to files via a form."

There have been two recent cases on this site where someone has linked to code they've inherited/written that has done this (and more). Luckily, in both cases they were very open to suggestions and took the code down immediately and went off to learn more about security.

"anyone who does anything in CGI should study the topic very closely before they use a script anyway."

Should and do are two very different things. It's no secret that many people first come into contact with Perl by trying to write a script for their website. Saying "well you should have studied security" after the fact is of little use. The more that is written on the subject, and the more commonplace it becomes, the better.
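The pattern being discussed above, a CGI script that opens whatever file name arrives in a form field, as an added example that is not code from this thread or from any of the posters. It shows the vulnerable shape beside a hardened one and runs both against a throwaway docroot; the sub names, the file names and the request values are all constructed for the demo.

```perl
#!/usr/bin/perl
# Added example, not from the thread: a "direct portal to files via a form"
# beside a hardened version. Directory, file names and request values are
# constructed for the demo; in a real CGI $param would come from the form.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use File::Basename qw(basename);

# Constructed docroot with one public file, plus one "secret" file outside it.
my $base    = tempdir(CLEANUP => 1);
my $docroot = "$base/docs";
mkdir $docroot or die "mkdir: $!";
write_file("$docroot/welcome.txt", "hello from the public area\n");
write_file("$base/secret.txt",     "database password lives here\n");

# Vulnerable: the form value is glued onto the docroot and handed to
# two-argument open(). "../" walks out of $docroot, and because two-arg
# open() treats a trailing "|" as a pipe, a value like "x; cmd |" would
# run a shell command. Not exercised here; only the traversal is shown.
sub serve_file_unsafe {
    my ($param) = @_;
    open(my $fh, "$docroot/$param") or return "error: $!";
    local $/;
    my $body = <$fh>;
    close $fh;
    return $body;
}

# Hardened: allow-list the characters (no "/" or "\0"), reject "." and "..",
# build the path with File::Spec, confirm nothing but a bare file name was
# used, and open read-only with three-argument open() so no "|" or ">" in
# the value can change the mode.
sub serve_file_safe {
    my ($param) = @_;
    return "error: bad name" unless defined $param && $param =~ /\A[\w.-]{1,64}\z/;
    return "error: bad name" if $param =~ /\A\.\.?\z/;
    my $path = File::Spec->catfile($docroot, $param);
    return "error: bad name" unless basename($path) eq $param;
    return "error: not found" unless -f $path;
    open(my $fh, '<', $path) or return "error: $!";
    local $/;
    my $body = <$fh>;
    close $fh;
    return $body;
}

sub write_file {
    my ($path, $content) = @_;
    open(my $fh, '>', $path) or die "$path: $!";
    print $fh $content;
    close $fh;
}

# Constructed request values: one legitimate name, one traversal attempt.
for my $file ('welcome.txt', '../secret.txt') {
    print "unsafe($file): ", serve_file_unsafe($file);
    print "safe($file):   ", serve_file_safe($file), "\n";
}
```

Run it and the unsafe sub returns the contents of secret.txt for the second value while the safe sub answers "error: bad name". The allow-list, rather than a deny-list of ".." sequences, is the important part: it also blocks encoded separators, NUL bytes and the pipe and redirection characters that two-argument open() would otherwise interpret.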


Re: Re: Re: Hacking CGI - security and exploitation
by meraxes (Friar) on Jun 25, 2002 at 00:27 UTC

    Fair enough. I guess it was a bit of a knee jerk reaction. I'm just not fond of those who blame the tool instead of the user (and to me that seemed to be what the author was doing). The presentation seemed a little cavalier to me.

    I'm mediocre at best (but improving, thanks perl monks) and tend to be very paranoid. However, it still seems horrifically lax not to look up these sorts of things (to me at least). I do mostly data munging so I'm hardly an expert.

    You are right though. Consider me properly chastised. :)
