PerlMonks  

DANGER!

by Fastolfe (Vicar)
on Jun 09, 2000 at 03:01 UTC ( [id://17243]=note )


in reply to If doesn't work

Please read the 'perlsec' man page.

You are doing a very dangerous open() call, passing the argument from your HTML form 'name' parameter directly to open. Thus, I can pass an argument of "mail me@example.com </etc/passwd; cat whatever |" and no one would be the wiser. It's not hard to change this into something considerably more destructive.

Please consider running CGI apps with the -T and -w flags, which would catch major security issues like this. The 'perlsec' man page gives more detail.
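
The check recommended above, as an added example that is not part of Fastolfe's post or of the original poster's script: an allowlist on the form value followed by a three-argument open(), with the string quoted in the post used as one of the rejected inputs. It assumes the 'name' parameter is meant to select a file from one fixed directory; `clean_name`, `read_named_file` and the file name `safe_open.pl` are hypothetical.

```perl
#!/usr/bin/perl
# Added example (not from the original post). Run as: perl -T safe_open.pl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Assumption: files the form may request live in one fixed directory.
# A temp dir with one constructed sample file stands in for it here.
my $base = tempdir(CLEANUP => 1);
open(my $seed, '>', "$base/report.txt") or die "seed: $!";
print {$seed} "sample contents\n";
close($seed);

# Allowlist check: return the validated name, or undef.
# The regex capture is also what untaints the value under -T.
sub clean_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Letters, digits, '_', '-' and '.', must start with an alphanumeric,
    # so no '/', spaces, '|', '<', '>' or ';' and no leading dot.
    return $raw =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Three-argument open: the mode is a separate argument, so nothing in
# $name can turn the call into a pipe or a write.
sub read_named_file {
    my ($raw) = @_;
    my $name = clean_name($raw);
    return (undef, 'rejected: invalid name') unless defined $name;
    open(my $fh, '<', "$base/$name") or return (undef, "open failed: $!");
    local $/;                      # slurp the whole file
    my $data = <$fh>;
    close($fh);
    return ($data, 'ok');
}

# Constructed inputs; the second is the string quoted in the post above.
for my $input ('report.txt',
               'mail me@example.com </etc/passwd; cat whatever |',
               '../report.txt',
               'missing.txt') {
    my ($data, $status) = read_named_file($input);
    printf "%-50s => %s\n", "'$input'", $status;
}
```

Only `report.txt` is read; the quoted string and `../report.txt` are rejected by the allowlist before open() is reached, and `missing.txt` fails as an ordinary file-not-found.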
