|P is for Practical|
request for review: file reading securityby Anonymous Monk
|on Sep 05, 2004 at 08:38 UTC||Need Help??|
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:
I wrote a small index file for a website, it should read the contents from html files, and print them inside of a template.
what I'm concerned with is if the actual file passing method is secure enough:
this is what I have:
the pages are inside a pages/ folder, and the request is such that index.pl?about will give me the about.html page.
do you see any security flaw with this method? like being somehow able to go back in folders and read stuff you shouldn't be reading?