Re: security issues with an index.pl-type thing...

by knobunc (Pilgrim)
on Jun 18, 2001 at 18:26 UTC (#89300=note)


in reply to security issues with an index.pl-type thing...

That works. Basically you need to untaint the value you were passed after making sure it is valid. Checking it against a hash of valid values will do the trick, or as this site does, looking it up in a database.

Make sure that you use the correct filename portion of the URL (strip off arguments, add the absolute path if needed, etc.) when you do the validation.

It also might make some sense to not have a subroutine to open the filehandle, but rather just get the filename from the validator and have a standard block of code open it.

-ben
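
An added example, not part of the post above, showing the pattern it describes: a validator that checks the filename portion of the request against a hash of valid values and returns the filename, with a separate standard block doing the open. The names `%VALID_PAGE`, `$BASE_DIR`, `validated_filename` and the sample requests are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Run with taint checks on: perl -T example.pl
use strict;
use warnings;

# Hypothetical allowlist: request key => file name under $BASE_DIR.
my $BASE_DIR   = '/var/www/pages';
my %VALID_PAGE = (
    home    => 'home.html',
    about   => 'about.html',
    contact => 'contact.html',
);

# Validator: returns an absolute filename, or nothing if the request is not allowed.
sub validated_filename {
    my ($request) = @_;
    return unless defined $request;

    # Validate only the filename portion: drop arguments, then any directory part.
    (my $name = $request) =~ s/[?#].*\z//s;
    $name =~ s{\A.*/}{}s;

    return unless exists $VALID_PAGE{$name};

    # The path is built from our own constants, so nothing taken from the
    # request (and nothing tainted) ever reaches open().
    return "$BASE_DIR/$VALID_PAGE{$name}";
}

# Constructed sample requests, standing in for the CGI parameter.
for my $request ('about', '/site/contact?lang=en', '../../etc/passwd', 'home.html;id') {
    my $file = validated_filename($request);
    unless (defined $file) {
        print "REJECT  '$request'\n";
        next;
    }

    # Standard open block: the validator only supplies the name.
    if (open(my $fh, '<', $file)) {
        print "SERVE   '$request' -> $file\n";
        print while <$fh>;
        close $fh;
    }
    else {
        print "MISSING '$request' -> $file ($!)\n";
    }
}
```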

