Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re: Essential CGI Security Practices

by gellyfish (Monsignor)
on Feb 04, 2002 at 12:02 UTC ( #143214=note: print w/ replies, xml ) Need Help??


in reply to Essential CGI Security Practices

As far as the CGI::Carp qw/fatalsToBrowser/ goes I would suggest an alternative to removing it altogether. CGI::Carp has had the facility to alter the output message for a quite a while - you can supply a coderef to a subroutine that will be called with the error message and which should print the text of the message to be output - you can set a $DEBUGGING variable to determine whether the actual error message gets output:

use CGI::Carp qw(fatalsToBrowser set_message); use vars qw($DEBUGGING); BEGIN { $DEBUGGING = 1; my $error_handler = sub { my $message = shift; print "<h1>Oooh I got an error</h1>"; print $message if $DEBUGGING; } set_message($error_handler); }

This allows you to easily switch on or off the detailed error messages and means you don't have to take the 'or die' out of potentially hundreds of lines of code.

/J\


Comment on Re: Essential CGI Security Practices
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://143214]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (5)
As of 2014-08-23 17:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (175 votes), past polls