Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris

Re: Security?

by ajt (Prior)
on Apr 24, 2003 at 08:54 UTC ( #252803=note: print w/ replies, xml ) Need Help??

in reply to Security?

As a general rule it's safer to remove anything that doesn't match a safe pattern, rather than anything that matches an unsafe pattern. There is even an old CERT warning about this with examples in several languages, including Perl.

Typically the best thing to do is run Perl in Taint mode (sometimes annoying on NT/IIS) and carefully de-taint your input data. As Abigail-II says though if it's not clear the next coder could removed it if they don't understand it.

For example, this de-taints the data, and only allows though data made up of: dashes; alpha-numerics; white-spaces and the at-symbol.

$output = $1 if ($input =~ /^([-\w\s\@]+)$/);

See also:


Comment on Re: Security?
Download Code

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://252803]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (5)
As of 2015-11-28 17:35 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (743 votes), past polls