On Sat, Jun 09, 2001 at 09:35:18AM -0500, Karen Cravens ([EMAIL PROTECTED]) spew-ed forth:
> On 9 Jun 2001, at 7:10, Randal L. Schwartz wrote:
> 
> > But that doesn't matter.  If you don't plan for it, someone will
> > create a path with a newline to DELIBERATELY break your code
> > and potentially open up a security hole.
> 
> Harrumph.  If someone is creating paths on *my* system (yes, 
> even under CGI control), I've already *got* a security hole.

If it is under the control of your CGI, and you use proper data laundering and
checking on paths being created, you shouldn't have a security issue. 

> Ostriches don't really bury their heads in the sand, you know...

And bats aren't really blind :)

Cheers,
Kevin

-- 
[Writing CGI Applications with Perl - http://perlcgi-book.com]
  "When a man sits with a pretty girl for an hour, it seems like a minute.
   But let him sit on a hot stove for a minute, and it's longer than any hour.
   That's relativity."   --Albert Einstein
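
Added example, not part of the original thread: a Perl sketch of the path laundering discussed above, showing why a newline in a name slips past a check anchored with `$` and how an allowlist anchored with `\A`/`\z` rejects it. The base directory, function names and sample names are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical directory the CGI is allowed to create files in.
my $BASE = '/var/www/uploads';

# Weak check: without /m, `$` matches at the end of the string OR just
# before a trailing newline. If the caller then uses the original $name
# (not the capture), the newline travels into the path.
sub check_weak {
    my ($name) = @_;
    return $name =~ /^[\w.-]+$/ ? 1 : 0;
}

# Laundering: \A and \z anchor to the true start and end of the string.
# The allowlist has no "/", NUL, newline or other control characters, and
# the first character may not be "." or "-", which rules out "..",
# dotfiles and names that look like command-line options.
sub launder_path {
    my ($name) = @_;
    return unless defined $name;
    return unless $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    my $clean = $1;    # use the capture: under -T this is the untainted value
    return "$BASE/$clean";
}

# Constructed sample names, as they might arrive from a CGI parameter.
my @samples = ("report.txt", "report.txt\n", "a\nb", "../etc/passwd", ".htaccess");

for my $name (@samples) {
    (my $shown = $name) =~ s/\n/\\n/g;    # make newlines visible in output
    my $weak   = check_weak($name) ? 'accepted' : 'rejected';
    my $strict = defined launder_path($name) ? 'accepted' : 'rejected';
    printf "%-16s weak=%-9s laundered=%s\n", qq{"$shown"}, $weak, $strict;
}
```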
