ivory: my sincerest apologies for contradicting you, but I would recommend someone NOT use this online course.
- Does not explain taint checking until chapter 16 (and then has subtle errors in her regex and her "manpage" lister won't list all manpages). Taint checking also appears to be the extent of her security knowledge.
- Her "taint checking" example also has a glaring security hole. If the form value doesn't pass her taint checking, she prints it back out to the browser. That would allow a hacker could allow a hacker to exploit cross-site scripting vulnerabilites with JavaScript and to do redirects to other sites.
- She doesn't use the -w switch, strict, or CGI.pm. Leaving any of those three off is going to cause the Web developer to waste a lot of time debugging things that they'd catch instantly with those three.
Cheers,
Ovid
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|