Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: How safe is my perl cgi website?

by tstock (Curate)
on Jul 05, 2004 at 19:27 UTC ( [id://371963]=note: print w/replies, xml ) Need Help??


in reply to How safe is my perl cgi website?

It's not too hard to test for command injection, SQL injection or cross site scripting "potential". As to actually being able to exploit the vulnerability, that probably depends on the penetration tester experience. You're better safe than sorry, don't depend on "security through obscurity" and cross your "t"s, dot your "i"s.

  • use taint mode
  • sanitize your external inputs and accept only what you expect to get (numbers, strings, specific sizes, etc)
  • use placeholders for SQL values
  • use system(), exec() in list context
  • have your design and code reviewed by a peer
  • implement good audit logs and backups (update)

Tiago

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://371963]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others exploiting the Monastery: (3)
As of 2024-04-19 20:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found