-
September 2nd, 2005, 11:55 PM
#1
Junior Member
What do you not want to do in programming Perl CGI scripts form a security point.
What do you not want to do when programming in Perl CGI from a security view?
-
September 3rd, 2005, 12:02 AM
#2
Well, programming in Perl... That's what I don't want to do. Horrible language.
-
September 3rd, 2005, 12:20 AM
#3
Katja do me a favor and slap yourself for that last statement...
What do you not want to do when using perl and cgi??? That is a book full of stuff....
Hmm... go to www.perlmonks.org There is your new home... Try to find an e copy of Cgi programming in perl... It should help also.
-
September 3rd, 2005, 12:24 AM
#4
Originally posted here by Katja
Horrible language.
Chinese, Japanese, French (all others)
German is good
Italian, love the hand waving
Engish is OK
Computer says no
(Carol Beer)
-
September 3rd, 2005, 12:37 AM
#5
Originally posted here by jm459
Engish is OK
Yea, maybe one day you'll learn it?
-
September 3rd, 2005, 12:41 AM
#6
Originally posted here by gore
Yea, maybe one day you'll learn it?
May your tongue rot off the day after tomorrow
It has been spoken among the elders, that you are the wise on
To that I say: bulls**t
come back to me the tribe await, we are ready, and hungry ( big mac, large fries,and coke please)
Computer says no
(Carol Beer)
-
September 3rd, 2005, 12:45 AM
#7
Yeah, I know. I should slap myself for that remark but just couldn't resist it. There's not a good answer to this question anyways since there are so many things you shouldn't do, if you care about security.
Things that you shouldn't do are in general things you shouldn't do when trying to build anything secure with whatever language you prefer. For example, you should not store passwords in clear text on your server. Someone might read them. And if you're sending over secure data from client to server, please use a secure (https://) connection. Which means you need a digital signature for your server.
Perl is an interesting language if you think obfuscation is a good way to hide your code. Someone with no knowledge about Perl will have several problems trying to understand what it does. (Well, they will have to google a bit.) It is also a very popular language and many people even think that Perl = CGI. But CGI itself is language-independant and you can even use MS-DOS batch files to write CGI applications, if you set up your server to execute them, instead of serving them to the client.
A big security mistake could therefore be to not set up your server to execute the scripts. Because then any visitor who visits your site will just see the perl code instead of seeing what you have written it for...
(Better answer now, or do I have to slap myself again?)
-
September 3rd, 2005, 12:48 AM
#8
Dad that's your ass next time.
-
September 3rd, 2005, 12:53 AM
#9
Originally posted here by gore
Dad that's your ass next time.
My son , my son please forgive me for this treachery, do not put me to the stake( ok with lots of onions and mushrooms)
Computer says no
(Carol Beer)
-
September 3rd, 2005, 05:52 AM
#10
Erm, yeah ok.
Katja - Please do the world a favor and go do some more reading before you apply your fingers to the keyboard again. It hurts mah brain to read your answers at times.
For the basic web app stuff take a look through http://www.owasp.org/index.jsp
For perl + cgi + security type info please look at everyone's favorite resource.... Google! http://www.google.com/search?hl=en&q=perl+cgi+security
There should be enough information there to get you started.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|