[Israel.pm] securing CGI scripts

Shlomo Yona shlomo at cs.haifa.ac.il
Sun Sep 26 23:08:41 PDT 2004


I have a CGI script that is used to serve as a
"web-interface" (along with an HTML form) demo for a
commanline program I wrote.

I've been asked to put it on a public web server and allow
free access to this demo.

Now... the demo takes the input written in a FORM and pipes
it to a pipeline of oneliners and then prints back a
transformation of the returned output.

This "logic" seems very insecure and may result in data loss
on the server.

I wonder if you guys can give some finger-rules, suggestions
and tips that will enable me to get back to the script and
do something to increase its security.


Shlomo Yona
shlomo at cs.haifa.ac.il

More information about the Perl mailing list