Re: perlsec question

This is an archived low-energy page for bots and other anonmyous visitors. Please sign up if you are a human and want to interact.

And by killing %ENV, you also kill your cgi-Parameters, and so communication between cgi-Scripts is nearly impossible.

Best regards,
perl -e "print a|r,p|d=>b|p=>chr 3**2 .7=>t and t"

Comment on Re: perlsec question Download Code

Replies are listed 'Best First'.
Re: Re: perlsec question by helgi (Hermit) on Dec 14, 2001 at 11:11 UTC
Nah. Get your CGI parameters first, then kill %ENV before doing anything. You can always explicitly set any ENV variables you need anyway (and should) and you should always specify the full path to any executables you use. Regards, Helgi Briem	[reply]
Re (tilly) 2: perlsec question by tilly (Archbishop) on Dec 15, 2001 at 06:17 UTC
If you have CGI scripts trying to execute other CGI scripts, then you are doing something fundamentally wrong already. Not to mention that CGI scripts which assume that all CGI communication will be in %ENV loses you the ability to pass large amounts of data to the script. (Which requires the POST method to do.)	[reply]

• hippo

• erzuuli

‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.