Mr. Schwartz,
I appreciate your concern that the code that I eventually install live on
my server be as safe as possible and the last thing I wish to happen is for
the security of my system to be compromised. I have visited numerous sites
dealing with Perl/CGI as well as purchased several books on the subject. I
have learned some from these sources but realize I need formal training. My
experience has been that Perl is a bit overwhelming to a person that is
unfamiliar with it.
The code I asked for help on is only going to run on my developmental web
server which is not accessible to the outside world. It won't be just
indiscriminately "thrown up on the web". Only when I am proficient enough to
be sure that the code is safe to move to the production server will it be
transferred.
If you remember, about a week ago, you and I had some correspondence
regarding Perl training. I am registered for 2 courses at Georgia Tech in
Atlanta beginning next week. Maybe I will get enough of a foundation from
these courses that I can someday become a good Perl programmer. I hope that
when I do, I will always be willing to assist those that are just trying to
learn without becoming annoyed and sarcastic when they do not always follow
proper programming procedures.
Larry Mullis
>>>>> "Larry" == Larry Mullis <[EMAIL PROTECTED]> writes:
Larry> print MAIL "Reply-to: ", param('email'), ' (', param('name'), ")\n";
>>>>> "Randal" == Randal L. Schwartz <[EMAIL PROTECTED]> writes:
>
>Randal> Bad security, no soup for you.
> >>>>> "Casey" == Casey West <[EMAIL PROTECTED]> writes:
>
> Casey> Could you please provide some useful code examples or pointers to
> Casey> documents that contain them? Or a high level overview of what should
> Casey> be done to sanitize?
>
> {sigh} Google for "CGI Perl Security". Dozens of useful places. Or
> see my WebTechniques columns. Or "perlsec". I'm sorry, perhaps I get
> a bit frustrated at people throwing things up on the web without even
> pursuing the basic research and caution.
>
> Maybe what we need is a big warning on every CGI installation.
>
> **** CGI EXECUTION IS INHERENTLY DANGEROUS -- ARE YOU SURE YOU TRUST
> **** THE CODE YOU'RE ABOUT TO INSTALL -- BECAUSE IT MIGHT BE USED
> **** TO PERFORM ALL SORTS OF BAD ACTS THAT CAN BE TRACED BACK TO YOU!
>
> If people understood that installing a CGI script was like loaning
> your car to someone (or your computer :), maybe they'd think a bit
> more before they just randomly typed or installed something.
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> <[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
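
Added example, not part of the original thread and not code from any of its participants: the quoted Reply-to line writes param('email') and param('name') straight into a mail header, so a value containing a newline would start a header line of its own. The sketch below checks both values against an allowlist before building the header; the sub names, patterns, length limits and sample inputs are assumptions made up for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist check for the address. The pattern is a deliberately narrow
# assumption of this example, not a full RFC 5322 parser. \A and \z anchor
# the whole string; "$" would still accept a trailing newline.
sub clean_email {
    my ($raw) = @_;
    return undef unless defined $raw && length($raw) <= 254;
    return $raw =~ /\A([A-Za-z0-9._%+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\z/
        ? $1 : undef;
}

# Display name: letters, digits, space and a little punctuation only, so CR,
# LF and parentheses can never end up inside the "(name)" header comment.
sub clean_name {
    my ($raw) = @_;
    return undef unless defined $raw && length($raw) <= 64;
    return $raw =~ /\A([A-Za-z0-9 .,'-]+)\z/ ? $1 : undef;
}

# Build the header only from validated values. Returning the regex capture
# ($1) is also how a value is untainted when the script runs under -T
# (see perlsec).
sub reply_to_header {
    my ($email, $name) = @_;
    my $e = clean_email($email);
    my $n = clean_name($name);
    return undef unless defined $e && defined $n;
    return "Reply-To: $e ($n)\n";
}

# Constructed sample inputs standing in for param('email') and param('name').
my @samples = (
    [ 'larry@example.com', 'Larry Mullis' ],
    [ "larry\@example.com\nX-Constructed: yes", 'Larry' ],     # newline in address
    [ 'larry@example.com', "Larry)\nX-Constructed: yes" ],     # newline in name
);

for my $s (@samples) {
    my $header = reply_to_header(@$s);
    print defined $header ? "accepted: $header" : "rejected: input failed validation\n";
}
```

In a CGI script the two arguments would come from param('email') and param('name'), and a rejected value should stop the mail from being sent rather than be silently repaired.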