Beefy Boxes and Bandwidth Generously Provided by pair Networks Joe
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re: •Web Security

by samtregar (Abbot)
on Jun 22, 2002 at 19:36 UTC ( #176515=note: print w/ replies, xml ) Need Help??


in reply to Web Security

Hhaha, that's a good one. Here's one I found recently that you might like: 

foreach my $name ($query->param()) {
   $ENV{$name} = $query->param($name);
}

[download]

Very nice, eh? Add that to the fact that the rest of the application uses environment variables for configuration and security and you've got a gaping security hole.

I had to spend at least a half an hour explaining why this wasn't such a good idea in an application that takes credit card data. The worst thing is, the guy that wrote it is generally a good programmer. He'd just gotten into a "not my problem" mindset. Someone asked him to make all CGI params available as environment variables and he just did it!

-sam


Comment on Re: •Web Security
Download Code

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://176515]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (7)
As of 2013-05-19 13:43 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best material for plates (tableware) is:









    Results (397 votes), past polls