
Re: Apache and perl CGI

On Mon, 03 Dec 2007 16:40:16 +0100, Bogart Salzberg wrote:
> Perl has a "taint" mode (add switch "-T" to the command line or  
> shebang line, as in "#!/usr/bin/perl -T"). The taint mode, I think,  
> prevents user input from being used in unsafe operations until it is  
> filtered by a regular expression.
> Taint mode is not as comprehensive as PHP's safe mode. Type "perldoc  
> perlsec" on the command line for a good tutorial on security in Perl.

You should also add 'use strict' & 'use warnings' to your perl scripts,
they're both very useful for keeping your code healthy.


> Perl also does not have a built-in "mail" function.

You can use MIME::Lite for that, or write directly to sendmail. You
probably don't want to allow people to enter the email destination

Stephen Patterson :: steve@patter.mine.nu :: http://patter.mine.nu/
GPG: B416F0DE :: Jabber: patter@jabber.earth.li 
"Don't be silly, Minnie. Who'd be walking round these cliffs with a gas oven?"

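The points raised in this message (taint mode, `use strict` and `use warnings`, writing directly to sendmail, and not letting the form choose the destination) combined in one CGI script. This is an added example, not code from the original thread; the recipient address, sendmail path and form field names are placeholders, and it assumes CGI.pm is installed.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI ();    # assumption: CGI.pm is installed (it left the core in Perl 5.22)

# Taint mode refuses to start a child process while these are inherited.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Placeholders: the recipient is fixed in the script, never read from the form.
my $RECIPIENT = 'webmaster@example.org';
my $SENDMAIL  = '/usr/sbin/sendmail';

# Return the regex capture (which Perl treats as untainted), or undef
# when the value is missing or does not match the whole pattern.
sub untaint {
    my ($value, $pattern) = @_;
    return undef unless defined $value;
    return $value =~ $pattern ? $1 : undef;
}

my $q = CGI->new;

# Header fields are single-line: no CR/LF, so no extra headers can be injected.
my $name    = untaint(scalar $q->param('name'),    qr/\A([\w .'-]{1,80})\z/);
my $subject = untaint(scalar $q->param('subject'), qr/\A([\w .,!?'-]{1,120})\z/);
# Body: printable ASCII, tabs and line breaks, bounded in length.
my $body    = untaint(scalar $q->param('body'),    qr/\A([\x20-\x7E\t\r\n]{1,4000})\z/);

unless (defined $name && defined $subject && defined $body) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain');
    print "Invalid input.\n";
    exit;
}

# List-form pipe open runs sendmail without a shell. -t takes the recipient
# from the To: header below; -oi stops a lone "." from ending the message.
# Taint mode does not check data printed to a filehandle, so the patterns
# above are what keep CR/LF out of the headers.
open(my $mail, '|-', $SENDMAIL, '-t', '-oi') or die "cannot run $SENDMAIL: $!";
print {$mail} "To: $RECIPIENT\n",
              "Subject: [web form] $subject\n",
              "\n",
              "Message from $name:\n\n$body\n";
close($mail) or die "sendmail exited with status $?";

print $q->header(-type => 'text/plain'), "Thanks, your message was sent.\n";
```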