Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re^2: Perl Security Testing

by Your Mother (Bishop)
on Jul 24, 2017 at 21:13 UTC ( #1195919=note: print w/replies, xml ) Need Help??


in reply to Re: Perl Security Testing
in thread Perl Security Testing

This is a strange answer and on its face seems quite wrong. Bugs in Perl could be serious problems regardless of privileges unless one takes the most pedantic and unlikely view where a DB security hole isnt a problem since no user has permission to update the DB. Even then, there have been bugs now and then that allow trivial DoS and such. Having a site like Amazon.com down for 1 minute is millions of dollars. That is a huge problem.

Replies are listed 'Best First'.
Re^3: Perl Security Testing
by Anonymous Monk on Jul 24, 2017 at 21:59 UTC

    Yes, I suppose I shouldn't have assumed you would read the rest of the thread for context. If you are going to give someone shell access, there are a million ways they could DoS you, so don't give people shell accounts on an important server. But that doesn't have anything to do with perl bugs.

    Not entirely sure where you're going with the DB thing. If you have a Perl program that mediates access to a database that's not accessible any other way, then yes, a perl bug could compromise your database. But in that situation, the program has "elevated privileges" in a sense, even if that isn't implemented with OS-level permissions.

Re^3: Perl Security Testing
by Anonymous Monk on Jul 24, 2017 at 21:25 UTC

    a site

    What "a site"?

    One name is not one "a site"

      Ah, well, you did show me wrong on one thing. I thought I was replying to sundialsvc4 posting anonymously. The hand-wavy, half-right schtick is strictly Trdϵmrkd, you know.

        Well ... rest assured this guy is a different guy than the one you responded to, so ... sorry about that

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1195919]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (8)
As of 2019-09-19 16:38 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    The room is dark, and your next move is ...












    Results (249 votes). Check out past polls.

    Notices?