PerlMonks  

Re: how to improve my script

by betterworld (Deacon)
on Jun 15, 2009 at 13:27 UTC


in reply to how to improve my script

From looking at your code, it appears that it is vulnerable to directory traversal attacks. If someone requests URLs like "/../../../../../../etc/passwd", you happily deliver the system's user database.

Also, I'd guess that you'll get a lot of warnings if a client terminates the connection without sending a request.

However, I may be wrong; I did not run your code, I only had a look at it.

I realize that you are doing this only as an exercise, but I'd strongly recommend thinking about malicious input when writing networking software.


Re^2: how to improve my script
by afoken (Prior) on Jun 15, 2009 at 17:59 UTC

    I'm missing taint mode and any kind of input validation. I see code written in Perl4 style (&log(...)), I see repeated (hidden) stat calls (-e $DOCROOT.$uri, then -d $DOCROOT.$uri, then -f $DOCROOT.$uri), I see open where stat is sufficient (# open $f to get its modification time). And I'm sure perlcritic would find a lot more than this.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
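The two replies above point at the same gaps in the original script: no defence against "../" in the request path, no taint mode or input validation, repeated -e/-d/-f stat calls, and an open used only to read a modification time. The following is an added example in Perl, not code from either poster or from the original script, showing one way to close those gaps; $DOCROOT, resolve_uri and mtime_of are assumed names for this example.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Spec;
use Cwd qw(realpath);

# Assumed document root (a constructed path for this example).
my $DOCROOT = '/var/www/htdocs';

# Map a request URI onto a file under $DOCROOT, or return undef.
# The request is percent-decoded before any check, each path segment
# must match an allowlist (which also untaints it under -T), ".." is
# refused outright, and the final path is re-checked after realpath so
# a symlink inside the root cannot point outside it.
sub resolve_uri {
    my ($uri) = @_;
    $uri =~ s/[?#].*//;                              # drop query string / fragment
    $uri =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;     # decode %2e%2e and friends first
    return undef if $uri =~ /\0/;                    # NUL would truncate the C-level path
    return undef unless $uri =~ m{^/};

    my $root = realpath($DOCROOT) or return undef;
    my @parts;
    for my $p (split m{/+}, $uri) {
        next if $p eq '' or $p eq '.';
        return undef if $p eq '..';                  # traversal attempt: reject
        return undef unless $p =~ /^([\w.-]+)$/;     # allowlist; the capture untaints
        push @parts, $1;
    }

    my $path = File::Spec->catfile($root, @parts);
    # One real stat, then reuse the cached result via "_" instead of stat'ing again
    return undef unless -e $path;
    $path = File::Spec->catfile($path, 'index.html') if -d _;
    return undef unless -f $path;

    my $real = realpath($path) or return undef;      # follow symlinks
    return undef unless index($real, "$root/") == 0; # must still be inside the root
    return $real;
}

# Modification time straight from stat; no need to open the file for that.
sub mtime_of {
    my ($path) = @_;
    my @st = stat($path) or return undef;
    return $st[9];
}

# Example calls with constructed input (a traversal attempt and a plain request).
printf "%s -> %s\n", $_, defined resolve_uri($_) ? resolve_uri($_) : 'rejected'
    for '/../../../../etc/passwd', '/%2e%2e/%2e%2e/etc/passwd', '/index.html';
```

A request for "/" resolves to index.html under the root only if that file exists; anything that decodes to a ".." segment, a character outside the allowlist, or a symlink target outside $DOCROOT comes back as undef, which the server should answer with 403 or 404 rather than a file.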
