Re: [fw-wiz] OT, sorta: Breaking pipes?



On Sat, Nov 7, 2009 at 07:34, Chris Myers <clmmacunix@xxxxxxxxxxx> wrote:
Do you use Perl at all with CGI scripts? If so, this is just an example of
what might be done with anything written with custom scripts. In this case,
it is a specific vendor, but it could happen to anyone who does not code
diligently.

http://www.kb.cert.org/vuls/id/496064

We don't use perl/cgi here, but the example is instructive.

This issue at hand is for web browsing by clients - the newish manager
believes that it's just too annoying to add exceptions for the
misbehaving web sites. Of course, it's not just the pipe character.
It's also the other unsafe/unwise characters, and the URLs that are
longer than 1024 characters, etc.

At some point we may be hosting a web site locally, but that hasn't happened.

This is really an education issue, so anything that I can add to the
ammunition pile is helpful.

Kurt
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: my word 2007 is locked
    ... The school is not the vendor. ... River that runs the program for Microsoft. ... e-mail confirmation states it is not an address that i can reply to. ... which had: and then some characters ...
    (microsoft.public.word.docmanagement)
  • Re: Absurd password (rant)
    ... Use a mixture of upper- and lower-case letters, numbers, and symbols, with at least 8 characters. ... I suppose it all depends on the security level. ... I must admit I use Netscape's Password Manager for most web sites that need a password. ...
    (alt.usage.english)
  • Re: Looking for RDBM reviews and ratings
    ... check the web sites of each of the vendors, ... top spots change from one vendor to the next, ... Wayne Snyder, MCDBA, SQL Server MVP ... community of SQL Server professionals. ...
    (microsoft.public.sqlserver.server)
  • Re: Looking for RDBM reviews and ratings
    ... check the web sites of each of the vendors, ... top spots change from one vendor to the next, ... Wayne Snyder, MCDBA, SQL Server MVP ... community of SQL Server professionals. ...
    (microsoft.public.sqlserver.programming)
  • Re: Virus??
    ... Nak wrote: ... > Most web sites are being altered by somthing on my machine, ... >are being replaced with other characters, for example, if I visit a web site ...
    (microsoft.public.windowsxp.general)