What do you not want to do when programming in Perl CGI from a security view?
Well, programming in Perl... That's what I don't want to do. Horrible language. :D
Katja, do me a favor and slap yourself for that last statement...
What do you not want to do when using Perl and CGI??? That is a book full of stuff....
Hmm... go to www.perlmonks.org. There is your new home... Try to find an e-copy of CGI programming in Perl... It should help also.
Chinese, Japanese, French (all others)
Quote:
German is good
Italian, love the hand waving
English is OK
Yea, maybe one day you'll learn it? ;)
Quote:
May your tongue rot off the day after tomorrow
Quote:
It has been spoken among the elders, that you are the wise one :confused:
To that I say: bulls**t
Come back to me, the tribe awaits, we are ready, and hungry (Big Mac, large fries, and Coke please)
Yeah, I know. I should slap myself for that remark but just couldn't resist it. :) There's not a good answer to this question anyways since there are so many things you shouldn't do, if you care about security.
Things that you shouldn't do are in general things you shouldn't do when trying to build anything secure with whatever language you prefer. For example, you should not store passwords in clear text on your server. Someone might read them. And if you're sending over secure data from client to server, please use a secure (https://) connection. Which means you need a digital signature for your server.
Perl is an interesting language if you think obfuscation is a good way to hide your code. Someone with no knowledge about Perl will have several problems trying to understand what it does. (Well, they will have to google a bit.) It is also a very popular language and many people even think that Perl = CGI. But CGI itself is language-independent and you can even use MS-DOS batch files to write CGI applications, if you set up your server to execute them, instead of serving them to the client.
A big security mistake could therefore be to not set up your server to execute the scripts. Because then any visitor who visits your site will just see the perl code instead of seeing what you have written it for...
(Better answer now, or do I have to slap myself again?)
Dad that's your ass next time.
My son, my son, please forgive me for this treachery, do not put me to the stake (OK with lots of onions and mushrooms)
Quote:
Erm, yeah ok.
Katja - Please do the world a favor and go do some more reading before you apply your fingers to the keyboard again. It hurts mah brain to read your answers at times.
For the basic web app stuff take a look through http://www.owasp.org/index.jsp
For perl + cgi + security type info please look at everyone's favorite resource.... Google! http://www.google.com/search?hl=en&q=perl+cgi+security
There should be enough information there to get you started.