
Writing Secure CGI Scripts

One area often overlooked in CGI programming is security. In this article Pete looks at common flaws in CGI scripts and how to fix them with Perl's taint mode, by filtering user input and more.

  1. Writing Secure CGI Scripts
  2. Why should I care about security?
  3. Shell processing
  4. Untainting data
By: Pete Smith
May 30, 2002



One area often overlooked in CGI programming is the issue of security. A badly written Perl CGI script not only puts your own account at risk of being cracked, it can also expose the whole web server to crackers, which is not something your system administrator will be too pleased about. If a web server is cracked through your negligence, you will almost certainly have your account removed, and you may well be liable for the costs of the resulting downtime, reinstallation and so on.

Even the big guns of the computing industry have trouble writing secure web scripts (several versions of Microsoft's IIS shipped with example ASP scripts that made it possible to view any file on the web server). That is a pity, because a few basic precautions greatly reduce the chances of a script being exploited.

In this article we will be looking at some common flaws in CGI scripts, and how they can be avoided. We'll learn about Perl's "taint mode", the dangers of special characters, and how to filter user input.
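The following script pulls those three threads together in one place. It is an added example, not code from the article, and it assumes `/usr/bin/id` exists on the server and that the query string is parsed by hand (so no CGI module is needed). The commented-out `system("id $raw")` line is the classic flaw: a tainted value reaching a shell. The rest shows what taint mode does with it and how a whitelist regex is the only sanctioned way to untaint.

```perl
#!/usr/bin/perl -T
# Added example (not from the article): a minimal CGI handler run under
# Perl's taint mode (-T). Perl marks every value that comes from outside
# the program (query string, %ENV, STDIN, file contents, ...) as tainted
# and dies if a tainted value reaches anything that affects the outside
# world: system(), exec(), a piped open(), unlink(), and so on. The only
# way to untaint is a regex capture, which forces you to validate first.
#
# Constructed sample invocation (taint mode must be requested on the
# command line as well as in the #! line, or Perl dies with "Too late for -T"):
#   QUERY_STRING='user=alice'           perl -T secure.cgi
#   QUERY_STRING='user=alice%3Brm+-rf+~' perl -T secure.cgi
use strict;
use warnings;

# Taint mode refuses to start a subprocess while $ENV{PATH} is tainted,
# so set it to a fixed value and drop the other variables a shell honours.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Decode the query string ourselves so the example needs no CGI module.
# Everything returned here is still tainted, as it should be.
sub query_params {
    my %p;
    for my $pair (split /[&;]/, $ENV{QUERY_STRING} // '') {
        my ($k, $v) = split /=/, $pair, 2;
        for ($k, $v) {
            next unless defined;
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
        }
        $p{$k} = $v // '' if defined $k;
    }
    return %p;
}

# Untaint a username with a whitelist: a leading letter, then up to 31
# characters from a fixed alphabet, anchored at both ends. Anything else
# is rejected outright. We never try to strip or escape "bad" characters,
# because the set of characters a shell treats specially is long and easy
# to get wrong; the leading letter also rules out option-looking values
# such as "-x" reaching the command line.
sub untaint_username {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /\A([a-z][a-z0-9_-]{0,31})\z/;
    return $1;    # the capture is a new, untainted string
}

my %q   = query_params();
my $raw = $q{user};

print "Content-Type: text/plain\r\n\r\n";

# The flaw this article is about. With $raw eq 'alice; rm -rf ~' the shell
# would run both commands. Under -T Perl dies here instead, before any
# shell is started ("Insecure dependency in system while running with -T").
# system("id $raw");

my $user = untaint_username($raw);
unless (defined $user) {
    print "Bad username\n";
    exit 0;
}

# List-form system() hands the arguments straight to execve(), so no shell
# ever parses the value. Combined with the whitelist above, the username
# can neither inject a second command nor smuggle in a redirection.
my $rc = system('/usr/bin/id', $user);
print "id exited with status ", $rc >> 8, "\n";
```

Run the second sample invocation to see the whitelist reject the injected `;` before anything is executed; remove the `#` in front of the `system("id $raw")` line and taint mode itself aborts the script on the same input.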

First up, some common misconceptions on CGI security...
