Posted to embperl@perl.apache.org by Gerald Richter <ri...@ecos.de> on 2001/08/01 13:50:35 UTC

Re: Upload-problem with IE 2

> Embperl 1.3.1

You should also upgrade Embperl to 1.3.3, because 1.3.3 handles errors in
CGI.pm much better.

Gerald



---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org


Re: embperl security info

Posted by Akshay Arora <ak...@5vs1.com>.
I think that most Embperl issues are really just Perl issues. I think
one can avoid most problems by making sure that the user input is
checked for double/single quotes, and backticks. Also I think it is good
if you don't interpolate any user data, by putting the input in double
quotes, or some other perl interpolation/execution method.

I've been a member of an internal web-site at my college that allowed
backticks to go out, and I was allowed to make any shell command as user
www. That should be one of the first things to make sure the user can't do.

-Akshay

Jack Cushman wrote:
> 
> Hi--
> 
> I have been doing final security checks before bringing a website live --
> making sure that users can't manually enter post data to see things they
> shouldn't. My employer is naturally curious about any security issues that
> tend to afflict embperl/mod_perl/cgi. While we have followed common sense
> procedures as far as trusting user data, it would be nice if there was an
> article that discussed security holes so we could make sure we haven't
> missed anything. Are there any resources that you have found particularly
> helpful?
> 
> Thanks,
> Jack Cushman


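An added example, not part of any post in this thread, of the two measures the reply above describes: checking user input against an allowlist and keeping user data out of any string that a shell parses. The sub names, the name pattern and the use of /bin/echo as the external command are assumptions chosen for illustration.

```perl
use strict;
use warnings;

# Allowlist: letters, digits, "_", "." and "-", 1 to 32 characters, not
# starting with "." or "-". Returns the matched text, or undef on failure.
# (Returning $1 is also how a value is untainted when perl runs with -T.)
sub valid_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,31})\z/ ? $1 : undef;
}

# Pattern to avoid: user data interpolated into a string that a shell parses.
#   my $out = `/bin/echo hello $name`;
# List-form pipe open executes the program directly, without /bin/sh, so
# every argument reaches it as literal bytes.
sub greet {
    my ($name) = @_;
    open(my $fh, '-|', '/bin/echo', 'hello', $name)
        or die "cannot run /bin/echo: $!";
    my $out = do { local $/; <$fh> };
    close($fh) or die "/bin/echo failed: status $?";
    chomp $out;
    return $out;
}

# Constructed sample inputs standing in for a posted form field.
my @samples = ('alice', 'a.b-c_1', 'alice; id', '`id`', q{o'brien}, '$(id)', '');

for my $input (@samples) {
    my $name = valid_name($input);
    if (defined $name) {
        printf "accept %-12s -> %s\n", "[$input]", greet($name);
    } else {
        printf "reject %-12s\n", "[$input]";
    }
}

# Even without the allowlist, list form hands metacharacters over unparsed:
# the text is echoed back as-is because no shell ever sees it.
print greet('$(id) `id`'), "\n";
```

The allowlist and the list-form call are independent layers: the first rejects unexpected input early, the second keeps a missed case from reaching a shell.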

embperl security info

Posted by Jack Cushman <jc...@avatartechnology.com>.
Hi--

I have been doing final security checks before bringing a website live --
making sure that users can't manually enter post data to see things they
shouldn't. My employer is naturally curious about any security issues that
tend to afflict embperl/mod_perl/cgi. While we have followed common sense
procedures as far as trusting user data, it would be nice if there was an
article that discussed security holes so we could make sure we haven't
missed anything. Are there any resources that you have found particularly
helpful?

Thanks,
Jack Cushman

