PerlMonks  

Re: Crash-Test Dummies: A Few Thoughts on Website Testing

by stevieb (Canon)
on Oct 12, 2015 at 19:20 UTC


in reply to Crash-Test Dummies: A Few Thoughts on Website Testing

It appears my post here is related; disregard if not.

Years ago, I wrote an accounting application for an ISP. It used CGI::Application. I forced the system to use only one entry point and to error out on any URL passed in that wasn't from this entry point.

I then implemented CGI::Application::Plugin::LinkIntegrity to protect against rogue URL input, after entry has been gained.

Although specific to CGI::Application, it wouldn't be hard to drum up something similar for any other module or even custom code. This, along with -T and other routine validation, should make things a bit more resistant to tampering.
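Added example, not part of the original post and not the code of CGI::Application::Plugin::LinkIntegrity: a custom-code sketch of the same idea, where the server appends an HMAC to each link it issues and rejects any request whose path or parameters no longer match it. The secret, the `_mac` parameter name and the sample URL are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use URI;
use URI::Escape qw(uri_escape);

# Assumptions: constructed server-side secret and a hypothetical parameter name.
my $SECRET = 'constructed-demo-secret';
my $PARAM  = '_mac';

# Split the query into the pairs the MAC covers and the MAC value itself.
sub _split_query {
    my @q = $_[0]->query_form;
    my (@pairs, $mac);
    while (my ($k, $v) = splice @q, 0, 2) {
        $v = '' unless defined $v;
        if ($k eq $PARAM) { $mac = $v; next }
        push @pairs, [$k, $v];
    }
    return (\@pairs, $mac);
}

# HMAC over the path plus sorted, escaped pairs (order-independent, unambiguous).
sub _mac {
    my ($uri, $pairs) = @_;
    my @canon = map { uri_escape($_->[0]) . '=' . uri_escape($_->[1]) } @$pairs;
    return hmac_sha256_hex(join("\n", $uri->path, sort @canon), $SECRET);
}

sub sign_url {
    my $uri = URI->new(shift);
    my ($pairs) = _split_query($uri);
    $uri->query_form([ (map { @$_ } @$pairs), $PARAM => _mac($uri, $pairs) ]);
    return $uri->as_string;
}

sub verify_url {
    my $uri = URI->new(shift);
    my ($pairs, $got) = _split_query($uri);
    my $want = _mac($uri, $pairs);
    return 0 unless defined($got) && length($got) == length($want);
    my $diff = 0;    # compare every byte so timing does not leak a prefix match
    $diff |= ord(substr $got, $_, 1) ^ ord(substr $want, $_, 1) for 0 .. length($want) - 1;
    return $diff == 0 ? 1 : 0;
}

my $signed = sign_url('/billing.cgi?rm=invoice&id=42');    # constructed URL
(my $tampered = $signed) =~ s/id=42/id=43/;
print "$_->[0]: ", (verify_url($_->[1]) ? 'accept' : 'reject'), "\n"
    for [intact => $signed], [tampered => $tampered];
```

A valid MAC only shows that the server issued the link and that it arrived unchanged; it does not authenticate the user or stop a copied link from being reused, so session and authorization checks still apply.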

Replies are listed 'Best First'.
Re^2: Crash-Test Dummies: A Few Thoughts on Website Testing
by Your Mother (Archbishop) on Oct 12, 2015 at 21:56 UTC

    "Tamper resistant" doesn't ring the same as "tamper proof" from the LinkIntegrity doc but I don't know the software. Relying on referring URIs, if that's what you meant by "one entry point," is completely insecure.
