Perl
  Home arrow Perl arrow Writing Secure CGI Scripts
Dev Shed Forums 
Administration  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Download TestComplete 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
IBM Rational Software Development Conference
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
PERL

Writing Secure CGI Scripts
By: Pete Smith
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 4 stars4 stars4 stars4 stars4 stars / 6
    2002-05-30

    Table of Contents:
  • Writing Secure CGI Scripts
  • Why should I care about security?
  • Shell processing
  • Untainting data
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
     
    ADVERTISEMENT

    Route your faxes to your email inbox. Private, secure fax numbers available from CallWave. Choose your fax number.

    Writing Secure CGI Scripts
    (Page 1 of 4 )

    One area often overlooked in CGI programming is security. In this article Pete looks at common flaws in CGI scripts and how to fix them with Perl's taint mode, by filtering user input and more.One area often overlooked in CGI programming is the issue of security. Badly written Perl CGI can not only put your account at risk of being cracked, but it can also expose the whole web server to crackers - not something your system administrator will be too please about. If a web server is cracked due to your negligence, you will almost certainly have your account removed, and may well be liable for costs incurred due to system downtime, reinstallation etc.

    Even the big guns in the computing industry seem to have problems writing secure web scripts (several versions of Microsoft's IIS ship with example ASP scripts which make it possible to view any file on the web server) - sad, since a few basic precautions can greatly reduce the chances of a script being exploited.

    In this article we will be looking at some common flaws in CGI scripts, and how they can be avoided. We'll learn about Perl's "taint mode", the dangers of special characters, and how to filter user input.

    First up, some common misconceptions on CGI security...

    Next: Why should I care about security? >>
     

    More Perl Articles
    More By Pete Smith


     
    >>> Be the FIRST to comment on this article!

       

    PERL ARTICLES

    - Perl: A Continuing Look at Hashes and Multid...
    - Perl: Another Round with Hashes
    - Perl Hashes
    - Perl Lists: A Final Look at List::Util
    - Perl Lists: Utilizing List::Util
    - Perl Lists: The Split() Function
    - SQL and CGI with Perl and DBI
    - Perl Lists: More Functions and Operators
    - SELECT Queries and Perl
    - Perl Lists: More on Manipulation
    - Creating a Database with Perl and DBI
    - Perl: Sailing the List(less) Seas
    - Perl and DBI
    - Perl: Concatenating Text and More
    - Perl Text: Quoting Without Quote Marks
    Find More Perl Articles
     
    Accelerating Trading Partner Performance
     
    Competing on Analytics
     
    Cost Effective Scaling with Virtualization and Coyote Point Systems
     
    Five Checkpoints to Implementing IP Telephony
     
    Hosted Email Security: Staying Ahead of New Threats
     




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 3 hosted by Hostway