Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Any information which the user gives to you should be considered "sensitive". The warning is just trying to say, "If you send anything the way you're doing it now, it's very easy for someone to intercept and read it, because it's not encrypted."

The reason for both POST and SSL is as follows:

  1. If you use GET or PUT instead of POST, the data is in the URL, which means that it can be seen traversing the net. (Sniffers, man-in-the-middle attacks, compromised router logging the traffic passing through...). Using POST takes the data out of the URL.
  2. If you use SSL, then the content of the POST is flowing across an encrypted channel and is therefore much harder to intercept (someone with a faked cert could, for instance, but the trivial attacks listed above won't work.)
So you need both to guarantee (modulo very outside cases) that the data is secure.

As to whether the data is "sensitive" or not, it depends on the application, but a good rule of thumb is that any personally-identifiable data is sensitive. So ages, names, addresses, email addresses, IM handles, or anything that when taken together would let you identify someone.

In reply to Re: Need help figure out this Security vulnerability on this cgi code by pemungkah
in thread Need help figure out this Security vulnerability on this cgi code by Anonymous Monk

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and God said, "Let Newton be!"...

    How do I use this? | Other CB clients
    Other Users?
    Others exploiting the Monastery: (3)
    As of 2018-03-21 23:33 GMT
    Find Nodes?
      Voting Booth?
      When I think of a mole I think of:

      Results (272 votes). Check out past polls.