
Re^4: Essential CGI Security Practices

by Aristotle (Chancellor)
on Feb 03, 2002 at 02:46 UTC ( #143008=note )

in reply to Re: Re: Re: Essential CGI Security Practices
in thread Essential CGI Security Practices

Yes, I was replying to your note. I think you simply confused the one kind of error message with a different kind of error message. There's a distinct difference between what you were talking about and those error messages that should not be let out due to CGI security concerns. Input validation, as I mentioned it, was meant in the extended sense of any and all checks you may perform on your input data - i.e. not only the initial "does this look like a valid username" but also "do we have this username in our database" and "does the password match". Point taken that you mention paths and similar information separately; however, I think you should drop the condition "if you're truly paranoid" because if you're anything less than truly paranoid there's not even a chance of achieving security. :-)

Makeshifts last the longest.
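
Added example, not part of the original post or thread: a Perl sketch of the three checks named above (format, existence, password match), where the specific failure reason goes only to the server log and the client gets one uniform message. The `%users` store, the `check_login` name, the username pattern and the sample inputs are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Constructed sample user store (hypothetical; a real application would use a
# database and a salted, slow password hash, not bare SHA-256).
my %users = ( alice => sha256_hex('correct horse') );

# Run every check on the input, record the precise reason for the server
# log, and hand the client the same answer whichever check failed.
sub check_login {
    my ($user, $pass) = @_;
    my $reason;

    if (!defined $user || $user !~ /\A[a-z][a-z0-9_]{2,15}\z/) {
        $reason = 'malformed username';      # "does this look like a valid username"
    }
    elsif (!exists $users{$user}) {
        $reason = 'unknown username';        # "do we have this username"
    }
    elsif (!defined $pass || sha256_hex($pass) ne $users{$user}) {
        $reason = 'password mismatch';       # "does the password match"
    }

    return (1, 'Welcome.') unless defined $reason;

    # Under CGI, STDERR ends up in the web server's error log, not the response.
    # Only the fixed reason string is logged, never the raw user input.
    warn "login failed: $reason\n";
    return (0, 'Invalid username or password.');
}

# Constructed inputs: one success, then one failure per check.
for my $try (['alice', 'correct horse'], ['alice', 'wrong'],
             ['bob', 'x'], ['../etc/passwd', 'x']) {
    my ($ok, $msg) = check_login(@$try);
    print(($ok ? 'OK   ' : 'FAIL '), $msg, "\n");
}
```

All three failing inputs print the same `FAIL Invalid username or password.` line, while the error log records which check rejected each one.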
