[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache and perl CGI

Perl has a "taint" mode (add switch "-T" to the command line or shebang line, as in "#!/usr/bin/perl -T"). The taint mode, I think, prevents user input from being used in unsafe operations until it is filtered by a regular expression.

Taint mode is not as comprehensive as PHP's safe mode. Type "perldoc perlsec" on the command line for a good tutorial on security in Perl.

Perl also does not have a built-in "mail" function.

For timing out an HTTP request, see Apache's "Timeout" directive.



On Dec 2, 2007, at 5:03 PM, Misko wrote:

I am starting creating pages with perl and have some question.
I want to know if perl has something similar to PHPs safe mode.
Especialy if there are some limitation for how long script can run
(PHP has usually 30 second limit) and if perl can have disabled
some features (as fsocketopen() and mail() in PHP)?


To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: