Re: Essential CGI Security Practices


Perl: the Markov chain saw
	PerlMonks

Re: Essential CGI Security Practices

by gellyfish (Monsignor)

on Feb 04, 2002 at 12:02 UTC ( [id://143214]=note: print w/replies, xml )

Need Help??

in reply to Essential CGI Security Practices

As far as the CGI::Carp qw/fatalsToBrowser/ goes I would suggest an alternative to removing it altogether. CGI::Carp has had the facility to alter the output message for a quite a while - you can supply a coderef to a subroutine that will be called with the error message and which should print the text of the message to be output - you can set a $DEBUGGING variable to determine whether the actual error message gets output:

           use CGI::Carp qw(fatalsToBrowser set_message);
       
           use vars qw($DEBUGGING);

           BEGIN 
           {
              $DEBUGGING = 1;

              my $error_handler = sub 
              {
                 my $message = shift;
                 print "<h1>Oooh I got an error</h1>";
                 print $message if $DEBUGGING;
              }
             set_message($error_handler);
           }
[download]

This allows you to easily switch on or off the detailed error messages and means you don't have to take the 'or die' out of potentially hundreds of lines of code.

/J\

Comment on Re: Essential CGI Security Practices Select or Download Code

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://143214]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others making s'mores by the fire in the courtyard of the Monastery: (3)

As of 2024-04-26 04:07 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found