what the force of many cannot
|
|
|
|
Your skill will accomplish what the force of many cannot |
|
| PerlMonks |
Re^4: Essential CGI Security Practicesby Aristotle (Chancellor) |
| on Feb 02, 2002 at 21:46 UTC ( [id://143008]=note: print w/replies, xml ) | Need Help?? |
This is an archived low-energy page for bots and other anonmyous visitors. Please sign up if you are a human and want to interact.
Yes, I was replying to your note. I think you simply confused the one kind of error message with a different kind of error message. There's a distinct difference between what you were talking about and those error messages that should not be let out due to CGI security concerns. Input validation, as I mentioned it, was meant in the extended sense of any and all checks you may perform on your input data - ie not only the initial "does this look like a valid username" but also "do we have this username in our database" and "does the password match". Point taken that you mention paths and similar information separately, however I think you should drop the condition "if you're truly paranoid" because if you're anything less than truly paranoid there's not even a chance of achieving security. :-)
Makeshifts last the longest.
In Section
Meditations
|
|
||||||||||||||||||||||||