
Re: Essential CGI Security Practices

by gellyfish (Monsignor)
on Feb 04, 2002 at 12:02 UTC ( #143214=note )

in reply to Essential CGI Security Practices

As far as the CGI::Carp qw/fatalsToBrowser/ goes, I would suggest an alternative to removing it altogether. CGI::Carp has had the facility to alter the output message for quite a while - you can supply a coderef to a subroutine that will be called with the error message and which should print the text of the message to be output - you can set a $DEBUGGING variable to determine whether the actual error message gets output:

    use CGI::Carp qw(fatalsToBrowser set_message);
    use vars qw($DEBUGGING);

    BEGIN {
        # Set to 0 to keep the detailed error text out of the browser
        $DEBUGGING = 1;

        # Called by CGI::Carp with the text of the fatal error
        my $error_handler = sub {
            my $message = shift;
            print "<h1>Oooh I got an error</h1>";
            print $message if $DEBUGGING;
        };

        set_message($error_handler);
    }

This allows you to easily switch on or off the detailed error messages and means you don't have to take the 'or die' out of potentially hundreds of lines of code.
