Re: Apache and perl CGI
On Mon, 03 Dec 2007 16:40:16 +0100, Bogart Salzberg wrote:
> Perl has a "taint" mode (add switch "-T" to the command line or
> shebang line, as in "#!/usr/bin/perl -T"). The taint mode, I think,
> prevents user input from being used in unsafe operations until it is
> filtered by a regular expression.
> Taint mode is not as comprehensive as PHP's safe mode. Type "perldoc
> perlsec" on the command line for a good tutorial on security in Perl.
You should also add 'use strict' & 'use warnings' to your Perl scripts;
they're both very useful for keeping your code healthy.
> Perl also does not have a built-in "mail" function.
You can use MIME::Lite for that, or write directly to sendmail. You
probably don't want to allow people to enter the email destination
Stephen Patterson :: email@example.com :: http://patter.mine.nu/
GPG: B416F0DE :: Jabber: firstname.lastname@example.org
"Don't be silly, Minnie. Who'd be walking round these cliffs with a gas oven?"
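
An added example, not part of the messages above: a script run under -T that untaints form fields with anchored regular expressions and pipes mail to sendmail with a fixed recipient. The recipient address, the sendmail path, the field names and the sample values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run programs while PATH is inherited from the caller.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumptions: a recipient fixed in the script and the usual sendmail path.
my $RECIPIENT = 'webmaster@example.org';
my $SENDMAIL  = '/usr/sbin/sendmail';

# Return the text matched by an anchored pattern (a capture is untainted),
# or nothing when the value does not match as a whole.
sub untaint {
    my ($value, $pattern) = @_;
    return unless defined $value;
    return $value =~ /\A($pattern)\z/ ? $1 : undef;
}

# Pipe a message to sendmail. The list form of open runs no shell.
sub send_mail {
    my ($from, $subject, $body) = @_;
    open(my $mail, '|-', $SENDMAIL, '-t', '-oi') or die "sendmail: $!\n";
    print {$mail} "To: $RECIPIENT\nReply-To: $from\nSubject: $subject\n\n$body\n";
    close($mail) or die "sendmail exited with status $?\n";
}

# Constructed sample input. Appending a zero-length piece of $^X (tainted
# under -T) marks it tainted, the way form data read from STDIN or %ENV is.
my $t = substr($^X, 0, 0);
my %form = (
    from    => 'alice@example.com' . $t,
    subject => "Hello\nsecond line" . $t,   # contains a line break
);

my $addr = qr/[A-Za-z0-9._+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/;
my $line = qr/[^\r\n]{1,100}/;   # one header line, no CR or LF

for my $field (sort keys %form) {
    my $pattern = $field eq 'from' ? $addr : $line;
    my $clean   = untaint($form{$field}, $pattern);
    printf "%-8s tainted=%d accepted=%s\n", $field,
        tainted($form{$field}) ? 1 : 0, defined $clean ? 'yes' : 'no';
}
# Once every field is accepted, deliver with:
#   send_mail($clean_from, $clean_subject, $body);
```

Run it as `perl -T script.pl` or make it executable so the shebang switch applies; the sample `from` is accepted and the `subject` with the line break is rejected.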