Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??
From what I understand, there was temporarily a note here from a fellow monk about how I had doubled the damage by revealing specifics.

Please let me assure you that the code snippet I posted by deliberate action:

  • Did not mention the name of the client
  • Changed the name of the parameter
  • Changed the eval-ish code
Yes, a correlation between the timing of my rant and my public schedule does indeed reveal that this is a $VERY_LARGE_COMPANY in Silicon Valley. I'll grant that as a leak. But the web search suggested to me in the message box revealed only a handful of companies, none of which is $VERY_LARGE_COMPANY.

Please give me a little credit here. I'm not willing to compromise my customer's security (even if they've already done it themselves). I'm just pointing out the sad state of web security in the world, and being afraid for my own transactions as I continue to shop and bank and share information on-line. And hoping maybe I can stir some of you up to take on security with a bit more vigor, or know when to call in the experts if you don't see why having eval and fatalsToBrowser were both compoundingly bad news there.

-- Randal L. Schwartz, Perl hacker


In reply to •Re: •Web Security by merlyn
in thread Web Security by merlyn

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (5)
As of 2024-03-29 06:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found