Perl Programming - CGI Security

Perl Programming
CGI Security
What about web server security? Letting anyone run programs on your server can be risky Be sure to set up your web server properly What about CGI script security? Disallow risky operations like pointer arithmetic, array access without bounds checking, etc. Perl is designed to prevent such problems But must be aware of outside execution (``) `perldoc perlsec` for security information #!/usr/athena/bin/perl # A REALLY BAD IDEA! print "Finger whom? "; $user = <>; $output = `finger $user`; print "$output\n"; Finger whom? rjbarbal Finger whom? ; rm -rf /
Previous	http://stuff.mit.edu/iap/perl/	Next

What about web server security?

Letting anyone run programs on your server can be risky
Be sure to set up your web server properly

What about CGI script security?

Disallow risky operations like pointer arithmetic, array access without bounds checking, etc.
Perl is designed to prevent such problems
But must be aware of outside execution (``)

perldoc perlsec for security information

        #!/usr/athena/bin/perl
        # A REALLY BAD IDEA!
        print "Finger whom? ";
        $user = <>;
        $output = `finger $user`;
        print "$output\n";

        Finger whom? rjbarbal
        Finger whom? ; rm -rf /