PerlMonks
In general, do not accept any input from the client (compare whatever you receive against an internal list of what is acceptable), but if you have to accept input from the client then make sure that it conforms to the kind of data that you are expecting... so make sure it doesn't exceed a certain length, that it doesn't have strange characters, that it has the proper order of chars, etc.

Some classic documents about computer security:

W3 Security FAQ by Lincoln Stein and John Stewart
Secure Programming Checklist by Simson Garfinkel and Gene Spafford
Perl CGI Problems in Phrack Magazine, Vol 9, Issue 55 by Rain Forest Puppy

metadoktor
"The doktor is in."

In reply to Don't Trust The Client - Re: Security with open() in CGI scripts
by metadoktor
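
An added example, not part of metadoktor's post: a Perl sketch of the two checks the post describes for a CGI parameter that selects a file, first the internal allow-list, then length, character and order checks for free-form input. The names `%REPORTS`, `path_for_report`, `validate_filename` and the file paths are hypothetical, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allow-list: client-supplied keys mapped to server-chosen files.
my %REPORTS = (
    summary => '/var/www/data/summary.txt',
    monthly => '/var/www/data/monthly.txt',
);

# Preferred: the client value is only a lookup key, never part of a path.
sub path_for_report {
    my ($key) = @_;
    return unless defined $key && exists $REPORTS{$key};
    return $REPORTS{$key};
}

# Fallback when free-form input is unavoidable: length, characters, order.
sub validate_filename {
    my ($name) = @_;
    return unless defined $name;
    return if length($name) > 32;    # length limit
    # \A and \z anchor the whole string; a bare $ would accept a trailing
    # newline. Order: one letter or digit, then [A-Za-z0-9_-]*, then ".txt".
    return unless $name =~ /\A([A-Za-z0-9][A-Za-z0-9_-]*\.txt)\z/;
    return $1;                       # the captured value is also untainted
}

# Constructed sample inputs, not taken from the thread.
my @samples = (
    'summary', 'notes.txt', '../notes.txt', 'notes.txt|',
    "notes.txt\n", '.hidden.txt', ('a' x 40) . '.txt',
);

for my $in (@samples) {
    # Show control characters as \xNN so the output stays on one line.
    (my $shown = $in) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    $shown = substr($shown, 0, 20) . '...' if length($shown) > 23;
    my $path = path_for_report($in);
    my $name = validate_filename($in);
    my $verdict = defined $path ? "allow-list hit: $path"
                : defined $name ? "pattern ok: $name"
                :                 'rejected';
    printf "%-26s %s\n", $shown, $verdict;
}
# When opening an accepted name, use the three-argument form with an explicit
# mode, e.g. open(my $fh, '<', "$dir/$name"), so the name is never parsed
# for mode or pipe characters.
```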