One area often overlooked in CGI programming is the issue of security. Badly written Perl CGI can not only put your account at risk of being cracked, but it can also expose the whole web server to crackers - not something your system administrator will be too please about. If a web server is cracked due to your negligence, you will almost certainly have your account removed, and may well be liable for costs incurred due to system downtime, reinstallation etc.
Even the big guns in the computing industry seem to have problems writing secure web scripts (several versions of Microsoft's IIS ship with example ASP scripts which make it possible to view any file on the web server) - sad, since a few basic precautions can greatly reduce the chances of a script being exploited.
In this article we will be looking at some common flaws in CGI scripts, and how they can be avoided. We'll learn about Perl's "taint mode", the dangers of special characters, and how to filter user input.
First up, some common misconceptions on CGI security...