You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl-cvs@perl.apache.org by fd...@hyperreal.org on 1998/09/03 23:12:29 UTC
cvs commit: modperl/faq mod_perl_faq.pod
fdc 98/09/03 14:12:29
Modified: faq mod_perl_faq.pod
Log:
Added suggestion from Stephane Payrard.
Revision Changes Path
1.9 +6 -1 modperl/faq/mod_perl_faq.pod
Index: mod_perl_faq.pod
===================================================================
RCS file: /export/home/cvs/modperl/faq/mod_perl_faq.pod,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- mod_perl_faq.pod 1998/07/01 23:16:23 1.8
+++ mod_perl_faq.pod 1998/09/03 21:12:29 1.9
@@ -1,6 +1,6 @@
=head1 NAME
-Mod_perl_faq - frequently asked questions about mod_perl ($Date: 1998/07/01 23:16:23 $)
+Mod_perl_faq - frequently asked questions about mod_perl ($Date: 1998/09/03 21:12:29 $)
=head1 DESCRIPTION
@@ -113,6 +113,11 @@
to world readable files. Even so, careless scripts can give away
information. You would not want your /etc/passwd file to be readable over
the net, for instance.
+
+Different mod_perl scripts run successively using the same Perl
+interpreter instance. So, in addition to classical CGI mischiefs, a
+malicious mod_perl script can redefine any Perl object and change the
+behavior of other mod_perl scripts.
If you turn on tainting checks, perl can help you to avoid the pitfalls of
using data received from the net. Setting the C<-T> switch on the first line