PerlMonks

How to safely define a CGI program's application base directory

by ddmiller (Initiate) on Feb 10, 2013 at 20:28 UTC
ddmiller has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

I am writing an application that will be hosted on several Apache webservers, which may have different directory structures. The application will reference a number of directories and files ("config", "log", "data", etc.) under an application base directory. Since each server's directory structure might be different, though, the pathnames to the base directory will vary from server to server.

I thought I would define an environment variable in the Apache configuration that would tell the CGI where to find its base directory, like this:
That works fine, until I turn on taint mode. When I turn on taint mode, I get this:
I understand why taint mode doesn't like my code: a malicious (or careless) Apache admin might point that ENV variable to the wrong directory and cause something important to be overwritten. I'm sure other more seasoned programmers have handled this problem before, and I'd love to hear how you handled it.

Thanks in advance for your assistance.

Regards,
Darren
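
One way to handle the situation described in the question, shown as an added example (not code from the original post or from any reply): untaint the value with a strict allow-list pattern, then verify the directory before anything is written under it. The variable name `MYAPP_BASE`, the path `/srv/myapp` and the file name `app.log` are hypothetical.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Spec;

# Hypothetical variable name; set in Apache with e.g.  SetEnv MYAPP_BASE /srv/myapp
my $ENV_NAME = 'MYAPP_BASE';
my @REQUIRED = qw(config log data);    # subdirectories named in the question

# Returns an untainted, validated base directory, or dies with the reason.
sub app_base_dir {
    my ($raw) = @_;
    die "$ENV_NAME is not set\n" unless defined $raw && length $raw;

    # The capture is what untaints, so the pattern must be a real allow-list:
    # absolute path, conservative characters, no NUL, newline or shell metachars.
    my ($path) = $raw =~ m{\A(/[A-Za-z0-9_./-]+)\z}
        or die "$ENV_NAME contains unexpected characters\n";

    # Reject parent-directory components instead of trying to resolve them.
    die "$ENV_NAME must not contain '..'\n"
        if grep { $_ eq '..' } File::Spec->splitdir($path);

    # lstat, so a symlink is seen as a symlink and fails the -d test below.
    my @st = lstat $path or die "$ENV_NAME: cannot stat $path: $!\n";
    die "$ENV_NAME: $path is not a real directory\n" unless -d _;
    die "$ENV_NAME: $path is world-writable\n" if $st[2] & 0002;

    # A wrong but well-formed path is caught here: the layout must match.
    for my $sub (@REQUIRED) {
        my $dir = File::Spec->catdir($path, $sub);
        die "$ENV_NAME: missing subdirectory $dir\n" unless -d $dir;
    }
    return $path;
}

my $base = eval { app_base_dir($ENV{$ENV_NAME}) };
if (!defined $base) {
    # Fail closed; the reason goes to the server error log, not to the client.
    warn "refusing to start: $@";
    print "Status: 500 Internal Server Error\r\n",
          "Content-Type: text/plain\r\n\r\nConfiguration error\n";
    exit 0;
}

# $base is untainted, so paths built from it can be opened for writing under -T.
my $log_file = File::Spec->catfile($base, 'log', 'app.log');
```

The pattern match alone only satisfies taint mode; the `lstat`, permission and layout checks are what catch a variable that points at the wrong directory.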