Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

Re: Security?

by ajt (Prior)
on Apr 24, 2003 at 08:54 UTC ( #252803=note: print w/replies, xml ) Need Help??

in reply to Security?

As a general rule it's safer to remove anything that doesn't match a safe pattern, rather than anything that matches an unsafe pattern. There is even an old CERT warning about this with examples in several languages, including Perl.

Typically the best thing to do is run Perl in Taint mode (sometimes annoying on NT/IIS) and carefully de-taint your input data. As Abigail-II says though if it's not clear the next coder could removed it if they don't understand it.

For example, this de-taints the data, and only allows though data made up of: dashes; alpha-numerics; white-spaces and the at-symbol.

$output = $1 if ($input =~ /^([-\w\s\@]+)$/);

See also:


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://252803]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (6)
As of 2018-03-17 17:21 GMT
Find Nodes?
    Voting Booth?
    When I think of a mole I think of:

    Results (225 votes). Check out past polls.