Re: CGI Perl Question
From: Mike Miller (mike@2bit.net)
Date: 07/24/01
- In reply to: Leonard Leblanc: "CGI Perl Question"
Message-ID: <00cc01c11482$59bd0b70$9d02a8c0@GMI2>
From: "Mike Miller" <mike@2bit.net>
To: "Leonard Leblanc" <lleblanc@emergeknowledge.com>
Subject: Re: CGI Perl Question
Date: Tue, 24 Jul 2001 16:51:02 -0400
I can't imagine any kind of hazards with leaving the %ENV variables as they
are. There's no way for a user to change anything in the %ENV unless you
specifically code the script to allow that.
The most important thing, as always, is to filter any user input through a
regular expression and strip out any funny characters (i.e. a '/' in a
user name field).
-- Mike Miller
-- mrmike@2bit.net
----- Original Message -----
From: "Leonard Leblanc" <lleblanc@emergeknowledge.com>
To: <security-basics@securityfocus.com>
Sent: Monday, July 23, 2001 10:31 PM
Subject: CGI Perl Question
> Hello Everyone,
>
> We are currently developing a new website with perl that consists of using
> the HTML::Template module. In the beginning of this script there are
> multiple constants defined which point to the template files using the
> $ENV{DOCUMENT_ROOT} environment variable.
>
> Does this present any more/less of a security risk than just hardcoding the
> entire path into the script?
>
> Thanks in advance.
>
> --
> Leonard Leblanc
> Vice President - Technology
> www.emergeknowledge.com
>
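
As an added example, not part of the original messages: a Perl sketch of the regular-expression filtering the reply describes for a user name field, next to a template path built from $ENV{DOCUMENT_ROOT} as in the question. The function names, the `templates` directory, the fallback path and the sample inputs are assumptions constructed for illustration, and the filter rejects input that does not match rather than stripping characters from it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Allow-list check for a user name field (hypothetical helper).
# Accepts 1 to 32 characters from letters, digits, '_', '.' and '-',
# starting with a letter, digit or '_'. Returns the matched value or undef.
# \A and \z anchor the whole string; unlike '$', \z does not tolerate a
# trailing newline. Under taint mode (perl -T), returning the captured
# group $1 is also what untaints the value.
sub clean_username {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,31})\z/ ? $1 : undef;
}

# Build a template path from DOCUMENT_ROOT and a file name fixed in the
# script (hypothetical helper). The file name is a constant, never request
# data. The fallback root is constructed so the example runs outside a
# web server.
sub template_path {
    my ($file) = @_;
    my $root = $ENV{DOCUMENT_ROOT} // '/var/www/example';
    return File::Spec->catfile($root, 'templates', $file);
}

# Constructed sample inputs for the user name field.
my @samples = ('leonard', 'mr.mike-2', '../etc/passwd', 'bob/x', "ann\n", '');

for my $raw (@samples) {
    my $name = clean_username($raw);
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible when printing
    printf "%-18s => %s\n", "'$shown'",
        defined $name ? "accepted as '$name'" : 'rejected';
}

print "template: ", template_path('main.tmpl'), "\n";
```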