Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re: Need help figure out this Security vulnerability on this cgi code

by bitingduck (Chaplain)
on Apr 01, 2012 at 06:05 UTC ( #962845=note: print w/replies, xml ) Need Help??


in reply to Need help figure out this Security vulnerability on this cgi code

Do you not see anything obvious because you don't think the information is sensitive?

It's just warning you that the string sent by the browser POST can be read by anybody with access to the browser (or anyone in between it and the server, if they care to look) and that you should use SSL if there's anything sensitive. The scanner can't really tell if the data sent is sensitive. If you communicate with the user over SSL then the warning should go away. It may not be worth it, though it might make it at least a little harder to exploit the XSS vulnerabilities pointed out in your other post.

  • Comment on Re: Need help figure out this Security vulnerability on this cgi code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://962845]
help
Chatterbox?
[LanX]: I remeber M::S (it was dialog driven?) to be buggy
[stevieb]: As far as Dist::Zilla goes, I don't like installing that other than on systems my test platorm runs on. I find it too heavy. I prefer being able to glean a Makefile.PL
[LanX]: what's frustrating me is that a distribution has lots of dupplicated info
[stevieb]: LanX I don't know if it's dialog driven; I just use it in the simplest of terms (just run module-starter at the CLI, and the very last couple of lines are how I use it.
[stevieb]: which dist are you speaking of regarding dups, LanX?
[LanX]: readme version number and so on ...
[stevieb]: with M::S, you can also add other tags, but defaults work... such as --license=perl --eumm
[LanX]: I'm not a big fan of pure make, apparently the auto generated ones are so complicated to be able to work with all possible makes
[stevieb]: I find the M::S makefiles it generates are quite straight forward, and I usually have to add a few things (github info etc). They're about 15 lines or so give or take.

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (3)
As of 2017-08-18 20:56 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Who is your favorite scientist and why?



























    Results (310 votes). Check out past polls.

    Notices?