- What about web server security?
- Letting anyone run programs on your server can be risky
- Be sure to set up your web server properly
- What about CGI script security?
- Disallow risky operations like pointer arithmetic,
array access without bounds checking, etc.
- Perl is designed to prevent such problems
- But you must be aware of outside execution (backticks, ``)
- See perldoc perlsec for security information
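#!/usr/athena/bin/perl
# A REALLY BAD IDEA!
print "Finger whom? ";
# Read one line of input exactly as typed; nothing is checked or escaped.
$user = <>;
# Backticks hand the whole string to the shell, so shell metacharacters
# in $user are interpreted by the shell rather than passed to finger.
$output = `finger $user`;
print "$output\n";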
Finger whom? rjbarbal
Finger whom? ; rm -rf /
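
A hardened version of the script above, as an added example that is not part of the original slides. It uses the taint mode described in perldoc perlsec, an allowlist for the username, and a list-form pipe open so no shell is involved. The perl and finger paths, the helper name clean_username and the 32-character limit are assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not from the original slides.
# -T turns on taint mode: outside data cannot reach a command until it
# has been validated. When started as "perl script", pass -T there too.
use strict;
use warnings;

# Taint mode refuses to run external programs with an untrusted
# environment, so fix PATH and drop variables a shell would honour.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumed location of finger; adjust for your system.
my $FINGER = '/usr/bin/finger';

# Return the username if it matches a strict allowlist, otherwise undef.
# The regex capture ($1) is what untaints the value under -T.
sub clean_username {
    my ($raw) = @_;
    return undef unless defined $raw;
    $raw =~ s/\s+\z//;    # strip the trailing newline and whitespace
    # First character may not be "-", so input cannot look like an option.
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,31})\z/ ? $1 : undef;
}

print "Finger whom? ";
my $user = clean_username(scalar <STDIN>);
die "Invalid username\n" unless defined $user;

# List-form pipe open executes finger directly. No shell ever sees
# $user, so characters such as ; | ` $ carry no special meaning.
open(my $fh, '-|', $FINGER, $user) or die "Cannot run $FINGER: $!\n";
print while <$fh>;
close($fh) or warn "finger exited with status $?\n";
```

With this version the first input shown above is passed to finger as a single argument, and the second is rejected with "Invalid username" before any command runs.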