[Israel.pm] securing CGI scripts
mellerf at netvision.net.il
Mon Sep 27 04:43:23 PDT 2004
Shlomo Yona wrote:
> I have a CGI script that is used to serve as a
> "web-interface" (along with an HTML form) demo for a
> commanline program I wrote.
> I've been asked to put it on a public web server and allow
> free access to this demo.
> Now... the demo takes the input written in a FORM and pipes
> it to a pipeline of oneliners and then prints back a
> transformation of the returned output.
> This "logic" seems very insecure and may result in data loss
> on the server.
> I wonder if you guys can give some finger-rules, suggestions
> and tips that will enable me to get back to the script and
> do something to increase its security.
Start with 'perldoc perlsec' and pay attention to taint checking. Good Luck.
"No, I do not contain myself,"
were the final words from the set of self-excluding sets. :-)
More information about the Perl