--- Jules <[EMAIL PROTECTED]> wrote:
> Our web server enables us to use 'SafePerl' for CGI scripts. I can find
> little information relating to this, and what subset of Perl commands are
> enabled (or correctly, which commands are disabled).
> Can anyone point me in the right direction?
> 
> Julian

In addition to Jonathan Paton's response, I can offer a couple of others.

1. Use a wrapper for your scripts: http://www.w3.org/Security/Faq/wwwsf4.html#CGI-Q9
2. You can also check out my CGI::Safe module: http://search.cpan.org/search?mode=module&query=CGI%3A%3ASafe

Currently, CGI::Safe deletes dangerous %ENV data (as listed in perldoc perlsec) and sets some of the CGI.pm global variables to help prevent certain types of DoS attacks. Future versions will handle much of the untainting of data for you (though you still have to supply the regex).

Cheers,
Curtis "Ovid" Poe

=====
Senior Programmer
Onsite! Technology (http://www.onsitetech.com/)
"Ovid" on http://www.perlmonks.org/
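
The hardening steps named in the message above, written out by hand as an added example (not part of the original message and not CGI::Safe's own code). The PATH value, the 512 KB POST limit, the `user` parameter and its pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

BEGIN {
    # The environment variables perlsec says to remove before running
    # anything that may reach a shell.
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    $ENV{PATH} = '/bin:/usr/bin';    # assumed minimal, trusted PATH
}

use CGI;

# CGI.pm globals that bound how much request data the script will accept.
# They must be set before the CGI object is created.
$CGI::POST_MAX        = 512 * 1024;  # assumed cap: reject POST bodies over 512 KB
$CGI::DISABLE_UPLOADS = 1;           # refuse multipart file uploads

my $q = CGI->new;

# An oversized POST is reported through cgi_error (e.g. "413 ...").
if ( my $err = $q->cgi_error ) {
    print $q->header( -status => $err ), "Request rejected\n";
    exit;
}

# Under -T every parameter is tainted. Only a regex capture untaints it,
# so the pattern is the actual validation policy: anchor it and allow
# only what the field needs (hypothetical 'user' field shown here).
my $raw = $q->param('user');
my ($user) = defined $raw ? $raw =~ /\A([A-Za-z0-9_]{1,32})\z/ : ();

unless ( defined $user ) {
    print $q->header( -status => '400 Bad Request' ), "Invalid user\n";
    exit;
}

print $q->header('text/plain'), "Hello, $user\n";
```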
