good chemistry is complicated,
and a little bit messy -LW
Form Securityby virtualweb (Sexton)
|on Jun 10, 2009 at 00:10 UTC||Need Help??|
virtualweb has asked for the
wisdom of the Perl Monks concerning the following question:
I would like to add some sucurity to my forms..
I found a few regex's that might help like:
Except I have a trillion of different form field names in different forms all through my server.
Is there a way to do a generic catch all field names loop and test them rather than specify each field name...?? I'm thinking to add a routine in a separate library, (let's say security.lib), and just add (require "security.lib";), to the forms I want to add security to.
Im using the following syntax to obtain input:
Thanx for your help
ikegami:thank you for your input, as I said, I found these regex's, I have no idea if they are properly written or if they help at all. I havent used them, I only listed them here as example of what Im trying to do. If you know better regex's to filter out possible intruders from doing any damage yuo may suggest them
hangon: Thank you for that loop, you are the one who understood best what Im trying to do. I will do some testing on your snippet.
Your Mother: thank you for suggesting the use of your HTML::Scrubber and HTML::Strip. My concern is not that people may input HTML tags, but malicious code that may delete or steal password files, download the cgi code that makes up my script, change folder names, or run shell commands, etc. At least I think i should use a black list so people wont be able to enter comands like system, exec, open, eval, rand, etc
leocharre: thanx for the suggestion of printing out CGI documentation. If you know where to find some that deals with form security I promise to read it.