Beefy Boxes and Bandwidth Generously Provided by pair Networks kudra
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re: Use placeholders. For SECURITY!

by dws (Chancellor)
on Nov 14, 2003 at 06:51 UTC ( #307010=note: print w/ replies, xml ) Need Help??


in reply to Use placeholders. For SECURITY!

So, what can a developer do about this?

  1. Simulate injection attacks in your unit tests.

A really simple way to do this is to use names like "O'Reilly" in your unit test data. If you're doing test-driven development, this is a very inexpensive strategy for avoiding a lot of trouble.


Comment on Re: Use placeholders. For SECURITY!
Re: Re: Use placeholders. For SECURITY!
by jdtoronto (Prior) on Nov 14, 2003 at 15:00 UTC
    And I can tell you of a number of large systems which are web based that have a problem with that! In one case I know of you put an apostrophe in an email address and the Carp output will then give you a clue to the 'backdoor' super-user type access into the system without having to authenticate.

    All for the sake of the most simple untainting. Whether it is a valid email address or not - an apostrophe is not permitted in an email address! Fortunately the data on the system is not extremely valuable. It is an email autoresponder system which handles a lot of marketting email. But then again I did wonder how an address of mine that was in somebody's newsletter list suddenly started getting spam. I suspect the spammers have been in through the back door and downloaded all the lists out of the system.

    jdtoronto

[reply]
      an apostrophe is not permitted in an email address!
      It is: "'"@example.com is valid syntax.

      Abigail

[reply]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://307010]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (10)
As of 2013-05-18 10:22 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best material for plates (tableware) is:









    Results (391 votes), past polls