PerlMonks  

Re: Easy Script Editor

by ajt (Prior)
on Oct 05, 2001 at 18:16 UTC


in reply to Easy Script Editor

First off, you're not running in taint mode, which you must do whenever you let outside users write to the local file system. Read perlsec to see how it works.

Even if you have taint mode enabled, passwords are easy to guess and crack, and I fear that you're essentially giving someone permission to write any script they feel like in your CGI-BIN, and then run it by pointing a browser at it. This is a very bad thing...

I would strongly consider if you really need this, and unless it's a burning, desperate need, I wouldn't do it.

If you have to be able to do this, then you must make sure your passwords can't be broken easily, you enable taint mode, and you run your CGI-BIN in some sandbox environment, and you hope; you need to be lucky...

Be paranoid, very paranoid....
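
An added example, not code from this thread or its author, of what taint mode (perlsec) enforces in a CGI handler that writes a file named by the user. The directory `$SAVE_DIR`, the parameter names `name` and `body`, and the helper `untaint_name` are hypothetical.

```perl
#!/usr/bin/perl -T
# Added example: taint mode in a CGI handler that saves user-supplied text.
use strict;
use warnings;
use CGI ();

# Under -T the environment is tainted as well: set a known PATH and drop
# variables that influence the shell before any external command could run.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical location: outside cgi-bin, so saved files are never executed.
my $SAVE_DIR = '/var/www/data/notes';

# Return an untainted file name, or undef if the input is not a plain name.
# A regex capture is how perlsec says data is untainted, so the pattern must
# be an allow-list; a match-everything pattern defeats the check.
sub untaint_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z0-9_]{1,32})\z/;
    return undef;
}

my $q    = CGI->new;
my $name = untaint_name(scalar $q->param('name'));
my $body = $q->param('body');
$body = '' unless defined $body;

unless (defined $name) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain');
    print "invalid name\n";
    exit;
}

# Passing the raw parameter to open() for writing would make Perl die with
# "Insecure dependency in open while running with -T switch".
my $path = "$SAVE_DIR/$name.txt";
open(my $fh, '>', $path) or die "cannot write $path: $!";

# Arguments to print are NOT taint-checked: -T guards the file name, not the
# content, which is why taint mode alone does not make a script editor safe.
print {$fh} $body;
close($fh) or die "close failed: $!";

print $q->header(-type => 'text/plain');
print "saved $name.txt\n";
```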
