Re: CGI Perl Security

To: Jason Thomas <jason@topic.com.au>
Cc: <debian-security@lists.debian.org>
Subject: Re: CGI Perl Security
From: Tamas TEVESZ <ice@extreme.hu>
Date: Wed, 25 Jul 2001 09:53:31 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.33.0107250951350.28726-100000@dawn.royalcomp.hu>
In-reply-to: <[🔎] 20010725093104.A19333@topic.com.au>

On Wed, 25 Jul 2001, Jason Thomas wrote:

 > not that I know of, but I would suggest turning on tainted mode and
 > passing all external variables through a regex.
                                                 , those that are
set by the client.

DOCUMENT_ROOT is set by the server, so it's just unneccessary
overhead. you can of course do that, but if you don't trust your
webserver, why are you running it at the first place ? :>

-- 
[-]
"you're wasting my time, chatterbox."

Reply to:

Follow-Ups:
- Re: CGI Perl Security
  - From: Sam Couter <sam@topic.com.au>

References:
- Re: CGI Perl Security
  - From: Jason Thomas <jason@topic.com.au>

Prev by Date: Re: CGI Perl Security
Next by Date: Re: CGI Perl Security
Previous by thread: Re: CGI Perl Security
Next by thread: Re: CGI Perl Security
Index(es):
- Date
- Thread