(Ovid) Re: Is this CGI search secure?
by Ovid (Cardinal) on Jul 23, 2001 at 08:00 UTC (id://98909)
I can't see anything in your script that is insecure. However, you don't provide us with the code for get_data() and you don't show us what you do with @lines. The only user-supplied data appears to be $find and, with your setting $CGI::POST_MAX to 1K, it looks perfectly safe.

However, what do you do with @lines? Since they are going to match what you have in user-supplied data, there could potentially be issues there.

Is this just a test script? I noticed that $db_file appears to be a perl program and that doesn't seem to quite match the variable. Does &get_data do anything with $find?

Cheers,

Vote for paco!

Join the Perlmonks Setiathome Group or just click on the link and check out our stats.
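The reply above flags the two things it cannot see: what get_data() does with $find, and what becomes of @lines. The following is an added example of how the search script might look once both are handled; it is not code from the original thread or from Ovid. The file path in $db_file, the body of get_data(), the 100-character cap on the search term, and the assumption that @lines are echoed back into an HTML page are all assumptions made here, since the thread does not show them.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI qw(:standard);

# Cap the request body before CGI.pm reads it, as the script under
# discussion does. A larger POST is rejected and cgi_error() is set.
$CGI::POST_MAX        = 1024;
$CGI::DISABLE_UPLOADS = 1;      # a search form has no reason to accept files

my $q = CGI->new;
print $q->header('text/html; charset=UTF-8');

# If the body exceeded POST_MAX, say so and stop instead of searching
# on a truncated or empty parameter.
if ( my $err = $q->cgi_error ) {
    print $q->start_html('Search'), $q->h1( escapeHTML($err) ), $q->end_html;
    exit;
}

# Assumed location of the data file; the original post's $db_file is not shown.
my $db_file = '/var/lib/search/data.txt';

# Read the parameter in scalar context (a list-context param() call can
# return several values if the name is repeated in the request).
my $find = scalar $q->param('find');
$find = '' unless defined $find;

my @lines = get_data( $db_file, $find );

# Assumed use of @lines: they are shown to the user. Every line is HTML-escaped
# before it is printed, so a matching line cannot inject markup into the page.
print $q->start_html('Search'), "<ul>\n";
print $q->li( escapeHTML($_) ), "\n" for @lines;
print "</ul>\n", $q->end_html;

# Search the file for lines containing the search term as a literal string.
# \Q...\E applies quotemeta, so regex metacharacters in $find cannot change
# the pattern; the length cap (assumed here) bounds the work one request costs.
sub get_data {
    my ( $file, $term ) = @_;
    return () if !length $term || length $term > 100;
    open my $fh, '<', $file or return ();
    my @hits = grep { /\Q$term\E/i } <$fh>;
    close $fh;
    chomp @hits;
    return @hits;
}
```

Two details matter for the point in the reply: $CGI::POST_MAX must be set before CGI->new (or before the first function-style call), because the limit is applied when the request body is parsed, and $find is never interpolated into the pattern bare, so get_data() does nothing with it beyond a literal match.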
In Section: Seekers of Perl Wisdom