Re: Help needed with here documents (security?)

2013-10-24 Thread Octavian Rasnita
From: "Ronald F. Guilmette" > > In message <7E7181F2497441C88988DD1F16E4A743@octavianf303f0>, you wrote: > >>From: "Janek Schleicher" >> >>> Am 24.10.2013 15:07, schrieb Shawn H Corey: > my $email = Email::Simple->create( > header => [ > From => $sender_addr

Re: Help needed with here documents (security?)

2013-10-24 Thread Ronald F. Guilmette
In message <20131024183255.3c233104@sage>, you wrote: >On Thu, 24 Oct 2013 14:55:51 -0700 >"John W. Krahn" wrote: > >> stdin (and stdout) are part of a stream protocol and as such are not >> about files and do not signal End-Of-File which is part of why emails >> use the single period to signa

Re: Help needed with here documents (security?)

2013-10-24 Thread Ronald F. Guilmette
In message <52699767.2050...@shaw.ca>, you wrote: >Ronald F. Guilmette wrote: >> In message <5268663c.4040...@stemsystems.com>, >> Uri Guttman wrote: >> >>> i think a blank line with . will end input to smtp servers. try that too >>> in the line after the from field. >> >> DING DING DING!!! >> >> G

Re: Help needed with here documents (security?)

2013-10-24 Thread Shawn H Corey
On Thu, 24 Oct 2013 14:55:51 -0700 "John W. Krahn" wrote: > stdin (and stdout) are part of a stream protocol and as such are not > about files and do not signal End-Of-File which is part of why emails > use the single period to signal the end of the message. I thought that was from the old mai

Re: Help needed with here documents (security?)

2013-10-24 Thread John W. Krahn
Ronald F. Guilmette wrote: In message <5268663c.4040...@stemsystems.com>, Uri Guttman wrote: i think a blank line with . will end input to smtp servers. try that too in the line after the from field. DING DING DING!!! Give that man a cupie doll, because he's the winner of today's perplexing pu

Re: Help needed with here documents (security?)

2013-10-24 Thread Jim Gibson
On Oct 24, 2013, at 11:59 AM, Ronald F. Guilmette wrote: > But, getting back to my original 2 questions... > > I want to stress that I did not ask how to formulate and/or send a > properly formatted e-mail message. I can handle that part, even if > perhaps only in my own clumsy way. > > What

Re: Help needed with here documents (security?)

2013-10-24 Thread Ronald F. Guilmette
In message <7E7181F2497441C88988DD1F16E4A743@octavianf303f0>, you wrote: >From: "Janek Schleicher" > >> Am 24.10.2013 15:07, schrieb Shawn H Corey: my $email = Email::Simple->create( header => [ From => $sender_addr, To => 'ad...@

Re: Help needed with here documents (security?)

2013-10-24 Thread Octavian Rasnita
From: "Janek Schleicher" Am 24.10.2013 15:07, schrieb Shawn H Corey: my $email = Email::Simple->create( header => [ From => $sender_addr, To => 'ad...@tristatelogic.com', X-Server-Protocol => $server_protocol, X-Http-User-Agent => $ht

Re: Help needed with here documents (security?)

2013-10-24 Thread Janek Schleicher
Am 24.10.2013 15:07, schrieb Shawn H Corey: my $email = Email::Simple->create( header => [ From => $sender_addr, To => 'ad...@tristatelogic.com', X-Server-Protocol => $server_protocol, X-Http-User-Agent => $http_user_agent, X-Http-

Re: Help needed with here documents (security?)

2013-10-24 Thread Shawn H Corey
On Thu, 24 Oct 2013 06:30:58 -0700 Jim Gibson wrote: > > On Oct 24, 2013, at 6:07 AM, Shawn H Corey wrote: > > > On Thu, 24 Oct 2013 13:52:51 +0200 > > Janek Schleicher wrote: > > > >> use Email::Simple; > >> > >> my $email = Email::Simple->create( > >> header => [ > >> From

Re: Help needed with here documents (security?)

2013-10-24 Thread Jim Gibson
On Oct 24, 2013, at 6:07 AM, Shawn H Corey wrote: > On Thu, 24 Oct 2013 13:52:51 +0200 > Janek Schleicher wrote: > >> use Email::Simple; >> >> my $email = Email::Simple->create( >> header => [ >> From => $sender_addr, >> To => 'ad...@tristatelogic.com',

Re: Help needed with here documents (security?)

2013-10-24 Thread Shawn H Corey
On Thu, 24 Oct 2013 13:52:51 +0200 Janek Schleicher wrote: > use Email::Simple; > > my $email = Email::Simple->create( >header => [ > From => $sender_addr, > To => 'ad...@tristatelogic.com', > X-Server-Protocol => $server_protocol, > X-Http-

Re: Help needed with here documents (security?)

2013-10-24 Thread Janek Schleicher
Another way of handling is to use one of the available Email::* modules on CPAN. This would have the advantages of (beside you don't have to worry about details of string quoting): - better code, as you write down what you intend to do instead of how you do it - better security, as

Re: Help needed with here documents (security?)

2013-10-23 Thread Ronald F. Guilmette
In message <40504.1382576...@server1.tristatelogic.com>, I wrote: >>> Well, I added to the script some rudimentary filtering/validation of >>> the input strings in question also. >> >>you need more than rudimentary filtering. make sure the from field is >>one string, no newlines or anything but

Re: Help needed with here documents (security?)

2013-10-23 Thread Ronald F. Guilmette
his clears up the mystery pretty completely, I think. The attacker no doubt used the HTTP %xx notation to smuggle in some newlines, and also stuck a period in there somewhere, and that would completely explain the content of the two exceptionally mysterious messages I saw. (Thankfully, all this mean

Re: Help needed with here documents (security?)

2013-10-23 Thread Ronald F. Guilmette
In message <20131023193228.38cf83e2@sage>, you wrote: >On Wed, 23 Oct 2013 16:12:12 -0700 >"Ronald F. Guilmette" wrote: > >> I believe that you may be on to something here, but it is more than >> just Postfix seeing a \n\n and believing that it had encountered the >> end of the headers. It is

Re: Help needed with here documents (security?)

2013-10-23 Thread Uri Guttman
On 10/23/2013 07:12 PM, Ronald F. Guilmette wrote: In message <52684f18.2000...@stemsystems.com>, you wrote: I _do_ know more than a little about mail servers, and while you are basically correct, i.e. that Postfix would certainly view anything past the first \n\n encountered as being *messag

Re: Help needed with here documents (security?)

2013-10-23 Thread Dr.Ruud
On 2013-10-24 01:12, Ronald F. Guilmette wrote: In message <52684f18.2000...@stemsystems.com>, you wrote: On 10/23/2013 06:18 PM, Ronald F. Guilmette wrote: ... print SM < From: "$sender_name" <$sender_addr> Subject: Your message to Tristatelogic.Com X-Server-Protocol: $server_protocol X-Http

Re: Help needed with here documents (security?)

2013-10-23 Thread Shawn H Corey
On Wed, 23 Oct 2013 16:12:12 -0700 "Ronald F. Guilmette" wrote: > I believe that you may be on to something here, but it is more than > just Postfix seeing a \n\n and believing that it had encountered the > end of the headers. It is possible that something in the input > stream I gave it signal

Re: Help needed with here documents (security?)

2013-10-23 Thread Ronald F. Guilmette
In message <52684f18.2000...@stemsystems.com>, you wrote: >On 10/23/2013 06:18 PM, Ronald F. Guilmette wrote: > >> ... >> print SM <> To: "Tristatelogic.Com Administrator" >> From: "$sender_name" <$sender_addr> >> Subject: Your message to Tristatelogic.Com >> X-Server-Protocol: $server_protocol

Re: Help needed with here documents (security?)

2013-10-23 Thread Uri Guttman
On 10/23/2013 06:18 PM, Ronald F. Guilmette wrote: ... print SM < From: "$sender_name" <$sender_addr> Subject: Your message to Tristatelogic.Com X-Server-Protocol: $server_protocol X-Http-User-Agent: $http_user_agent X-Http-Referer: $http_referer X-Remote-Addr: $remote_addr X-Remote-Host: $remot

Re: Help needed with here documents (security?)

2013-10-23 Thread Ronald F. Guilmette
In message <39517.1382566...@server1.tristatelogic.com>, I wrote: >About a day ago, some schmuck set about to try, hard, to exploit the >personally written Perl code I have in place and that processes the >input for the contact form on my web site... I neglected to mention that this was obviousl

Help needed with here documents (security?)

2013-10-23 Thread Ronald F. Guilmette
n my inbox that appear to indicate that not all of these exploit attempts failed. It now seems at least possible that two attempts may have breached my security, possibly because of a misunderstanding on my part of "here" documents and the way they actually work. So I need, desperately, to

Re: [use DBI] - how to improve security in perl script (

2011-05-18 Thread Pete Smith
On 17/05/11 22:46, Woo, Hye Jin wrote: But, I have to enter id and pw in perl script.(example below) It make security weak. If you make sure the script is only readable by the user executing it then only they will be able to see the password. Alternatively, on a *NIX system, store the

[use DBI] - how to improve security in perl script (

2011-05-17 Thread Woo, Hye Jin
Do you know how to improve security on perl? Do you know how to encrypt the ID and PW in perl Specious guy can get ID and PW in perl script. I have been making the script to get DB healthcheck info about 20 DB servers everyday. I use DBI module. But, I have to enter id and pw in perl script

Re: IMAP email client: style & security

2010-05-11 Thread Eitan Adler
> perl style is to just use boolean tests and not check for equality to > some constants. and this means not using FALSE and TRUE constants. so > you should drop this habit as you won't see it much in perl. > Alright - changed. This is exactly why I sent this email to the list - to learn perl styl

Re: IMAP email client: style & security

2010-05-11 Thread Uri Guttman
> "EA" == Eitan Adler writes: >> Constants are usually written in all uppercase to distinguish them from >> keywords, functions, operators and subroutines. How did you choose the >> arbitrary values 0 and 1 for false and true instead of using other values? >> Why did you name them fa

Re: IMAP email client: style & security

2010-05-11 Thread Eitan Adler
I made the changes below and I'd like to know if there is anything else I could do to improve the quality of my code. use constant false => 0; >>use constant true => 1; >> > > Constants are usually written in all uppercase to distinguish them from > keywords, functions, operators

Re: IMAP email client: style & security

2010-05-10 Thread John W. Krahn
Eitan Adler wrote: I wrote a program to fetch email from a IMAP account, look to see if I sent it, if yes execute any commands in the email and email the results back to via a SMTP server. 1) This being my first perl program I'd like to know if I'm using the proper perl idioms and language featu

AW: IMAP email client: style & security

2010-05-10 Thread Thomas Bätzler
source I'd like to know if you find any security issues with > my code. I used Mail::IMAPClient::get_header($_,"From") to verify > that I'm sending myself commands-- is this safe? [...] No. Mail headers are easily forged. You should probably be using PGP or S/MIME to au

IMAP email client: style & security

2010-05-10 Thread Eitan Adler
. Is there anything I could do to improve my code? 2) Secondly since this program executes commands from a potentially insecure source I'd like to know if you find any security issues with my code. I used Mail::IMAPClient::get_header($_,"From") to verify that I'm sending myself comman

Re: DBI Integrated Security

2008-05-29 Thread Jenda Krynicky
From: "HESTER, CHRISTOPHER" <[EMAIL PROTECTED]> > I'm trying to connect to a MSSQL 2000 database using integrated security > and am not having any success. My understanding is that you only need to > call DBSETLSECURE before you call dblogin, as in my example below,

DBI Integrated Security

2008-05-29 Thread HESTER, CHRISTOPHER
Greetings, I'm trying to connect to a MSSQL 2000 database using integrated security and am not having any success. My understanding is that you only need to call DBSETLSECURE before you call dblogin, as in my example below, but it doesn't even attempt to be reaching the SQL se

Re: security on a html page with perl.

2004-08-24 Thread Chris Devers
On Tue, 24 Aug 2004, Jose Alves de Castro wrote: One thing that could be done was to have the page with the form generate the hidden field in a way that only the script could validate it... But that's exactly the problem I'm talking about -- what would that solve? The machinery to do that well w

Re: security on a html page with perl.

2004-08-24 Thread Jose Alves de Castro
On Tue, 2004-08-24 at 15:36, Chris Devers wrote: > On Tue, 24 Aug 2004, Jose Alves de Castro wrote: > > > On Tue, 2004-08-24 at 15:22, Chris Devers wrote: > > > >> The obvious way I can think of to do this is to make the download page a > >> script that checks to see that: > >> > >>* mandatory

Re: security on a html page with perl.

2004-08-24 Thread Chris Devers
On Tue, 24 Aug 2004, Jose Alves de Castro wrote: On Tue, 2004-08-24 at 15:22, Chris Devers wrote: The obvious way I can think of to do this is to make the download page a script that checks to see that: * mandatory form fields are defined as input for the download script * the referring page

Re: security on a html page with perl.

2004-08-24 Thread Jose Alves de Castro
On Tue, 2004-08-24 at 15:22, Chris Devers wrote: > On Tue, 24 Aug 2004, Joe Echavarria wrote: > > > After a user fill out a form and submit it a perl > > script takes the user to a download page of my > > website. how can i prevent a user from directly > > access the download page using the web

Re: security on a html page with perl.

2004-08-24 Thread Chris Devers
On Tue, 24 Aug 2004, Joe Echavarria wrote: After a user fill out a form and submit it a perl script takes the user to a download page of my website. how can i prevent a user from directly access the download page using the web browser.., for example http://www.mydomain.com/download_page.html, i o

security on a html page with perl.

2004-08-24 Thread Joe Echavarria
Hi there, After a user fill out a form and submit it a perl script takes the user to a download page of my website. how can i prevent a user from directly access the download page using the web browser.., for example http://www.mydomain.com/download_page.html, i only want the user to able to d

OT: RE: Security Question

2004-04-26 Thread Tim Johnson
I think this is off-topic for this list. It's more of a cryptography question than a Perl question (and it's not even really a question). -Original Message- From: Jenda Krynicky [mailto:[EMAIL PROTECTED] Sent: Monday, April 26, 2004 3:44 PM To: [EMAIL PROTECTED] Subject: Re

Re: Security Question

2004-04-26 Thread Jenda Krynicky
From: WC -Sx- Jones <[EMAIL PROTECTED]> > Originally I asked this question around 1998, I'd like to see > if anything new has occurred since then because the client I > wrote the security code for which generated this key is *still* > using that application today - > >

Re: Security Question

2004-04-25 Thread drieux
On Apr 23, 2004, at 9:04 PM, WC -Sx- Jones wrote: [..] Please, decode this key: SxEyj/gJs5pXISX11386025 Thank you in advance :) [..] My compliments to your wit. ciao drieux --- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Security Question

2004-04-23 Thread WC -Sx- Jones
Originally I asked this question around 1998, I'd like to see if anything new has occurred since then because the client I wrote the security code for which generated this key is *still* using that application today - Please, decode this key: SxEyj/gJs5pXISX11386025 Thank you in ad

Re: How to secure database password? (was Re: Perl/DBI newbie: password storage / security question)

2003-09-17 Thread Dan Anderson
I think you're complicating an already quite simple thing. 1. Most major databases support permissions. Use these liberally to separate those who only need access to the database to view contents on a single table and those who should be able to alter one table or one database and ONLY that tabl

How to secure database password? (was Re: Perl/DBI newbie: password storage / security question)

2003-09-17 Thread zedgar
ottom of my post. It is actually an extremely common situation: There is a CGI script written in Perl. It is a frontend to an SQL database. The script has to connect to the database so it has to send a password. I need that password to be secure. I am not interested in security through obsc

Re: How to secure database password? (was Re: Perl/DBI newbie: password storage / security question)

2003-09-17 Thread Chuck Fox
Zedgar, You are chasing the yourself into circles. Security is dictated by circumstances and resources available. In our case, we had plenty of both and developed for our needs the "best" solution. Insofar as the storing of the password for the login that is used to get the pas

Re: Perl/DBI newbie: password storage / security question

2003-09-15 Thread Chuck Fox
we do not have web servers calling directly to dbs, so the issue of clear text password in the subclassed DBI module is not so much of a concern for us. Like most places there are 9 layers of security to get through before you can try to run perl code on a production host. HTH, Chuck Fox

Re: Perl/DBI newbie: password storage / security question

2003-09-14 Thread essential quint
Dear Zedgar, I'm not completely sure I understand your goals, question and setup, but, if you are concerned about security, using a relational database is almost if not certainly your best bet. I am working on just such a system right now for myself, so I can appreciate your question.

Re: Perl/DBI newbie: password storage / security question

2003-09-14 Thread R. Joseph Newton
[EMAIL PROTECTED] wrote: > Thank you Joseph and Motherofperls for your tips, however I need something more than > security through obscurity, as this database is going to store our customers > personal information (real name and contact information) which is absolutely > unacce

Re: Perl/DBI newbie: password storage / security question

2003-09-14 Thread zedgar
R. Joseph Newton wrote: > [EMAIL PROTECTED] wrote: > >>I'm basically concerned about the security of writing a simple web frontend to SQL >>database, the most important question being: how should I store the database >>password? >>[...] >>There are

Re: Perl/DBI newbie: password storage / security question

2003-09-13 Thread R. Joseph Newton
[EMAIL PROTECTED] wrote: > Hello! > > This is probably something trivial, in which case I apologize, however I'm quite new > in Perl and even more so in databases. Actually, I'm quite new in programing at all, > so please don't laugh at me. > > I'm

Re: Perl/DBI newbie: password storage / security question

2003-09-13 Thread Motherofperls
I'm new to databasing too, and decided to put this question off till I got the basics down first. My beginners solution was to put the database info in a txt file in my cgi-bin and read the variables into the script. I also set the variables for the info with this code, which I read hides the

Perl/DBI newbie: password storage / security question

2003-09-13 Thread zedgar
Hello! This is probably something trivial, in which case I apologize, however I'm quite new in Perl and even more so in databases. Actually, I'm quite new in programing at all, so please don't laugh at me. I'm basically concerned about the security of writing a simple

RE: Security Code Validation for Forms

2003-07-23 Thread Dan Muey
> Hi All, I know of a service that I helped develop that uses Encryption and the Imager Module to do this. Email me off list if your interested in details of that service. Thanks, Dan > > I am trying to find a way, to place a security code image on > to a web form, so that the

Re: Security Code Validation for Forms

2003-07-22 Thread Wiggins d'Anconia
Adam Gent wrote: Hi All, I am trying to find a way, to place a security code image on to a web form, so that the user, has to copy the text from the image into a text field before they can continue, similar to hotmail, paypal etc I have been looking around the web and on CPAN for a solution to

Security Code Validation for Forms

2003-07-22 Thread Adam Gent
Hi All, I am trying to find a way, to place a security code image on to a web form, so that the user, has to copy the text from the image into a text field before they can continue, similar to hotmail, paypal etc I have been looking around the web and on CPAN for a solution to this, but can not

RE: Perl Security

2003-07-22 Thread Dan Muey
> Jonathan wrote: > > Hi, > > > > I am insterested in creating a reusable module that allows my > > scripts to have pretty good security. I just don't know how > i would go > > about encrypting passwords. Please help > > I like to: use Crypt

Re: Perl Security

2003-07-22 Thread Douglas Hunter
Jonathan wrote: Hi, I am interested in creating a reusable module that allows my scripts to have pretty good security. I just don't know how i would go about encrypting passwords. Please help perldoc -q password has some advice for you (which includes looking at perldoc -f crypt).

Re: opening SSL, security, (authorize.net)

2003-07-14 Thread Wiggins d'Anconia
ecret_word and pass it as hidden to the form. Then my script in step 2 could verify if the data is valid or if someone tried to send their own stuff, but in that case what's the use of the transaction key as the security parameter? Haven't used the service personally, but you might wa

opening SSL, security, (authorize.net)

2003-07-14 Thread mario kulka
pass it as hidden to the form. Then my script in step 2 could verify if the data is valid or if someone tried to send their own stuff, but in that case what's the use of the transaction key as the security parameter? Mariusz _

Re: A security problem

2002-10-31 Thread Perl
At that point, the back button will only go back to page zero, or forward to the newly loaded page. Hope that helps! -Original Message- From: Octavian Rasnita [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 30, 2002 11:19 PM To: Geraint Jones; [EMAIL PROTECTED] Subject: Re: A

Re: Perl Security

2002-10-29 Thread dan
how is it possible to send a message 11 years in the future? dan "Jonathan" <[EMAIL PROTECTED]> wrote in message news:000801cde00e$979fab00$8693a7d0@;win2k... Hi, I am interested in creating a reusable module that allows my scripts to have pretty good security. I just

Re: security check

2002-06-23 Thread Ovid
id in like 2 min. It will be cleaned up a bit more. And if there is > a better way of checking let me know. I would rather use proven code then > risk a security hole. > > Chris > > $valid = 'digital-drakon' > $referer = $ENV{HTTP_REFERER}; Chris, You do not wan

security check

2002-06-23 Thread WyvernGod
is a better way of checking let me know. I would rather use proven code then risk a security hole. Chris $valid = 'digital-drakon' $referer = $ENV{HTTP_REFERER}; # should split by the // in # http://www.digital-drakon.com ($http, $url) = split(/\/\//, $referer) # whats left over s

Re: Security question re POST data

2002-04-11 Thread Jenda Krynicky
From: Shaun Fryer <[EMAIL PROTECTED]> > Please take into account that I'm new at this... > > Rather than using CGI.pm, I'm using the following library sub-routine > which was passed to me by a friend (I think from one of the O'Reilly > books). Especialy since you are new at this you should use

Re: Security question re POST data

2002-04-11 Thread Jeff 'japhy' Pinyan
On Apr 5, Shaun Fryer said: >Rather than using CGI.pm, I'm using the following library sub-routine >which was passed to me by a friend (I think from one of the O'Reilly >books). What I'm wondering is if Perl 5 has any built in functionality I highly doubt it was found in an O'Reilly book -- if i

Security question re POST data

2002-04-11 Thread Shaun Fryer
Please take into account that I'm new at this... Rather than using CGI.pm, I'm using the following library sub-routine which was passed to me by a friend (I think from one of the O'Reilly books). What I'm wondering is if Perl 5 has any built in functionality to prevent buffer overruns or excessiv

Re: Security advice: SHA vs crypt for authenticator

2002-01-17 Thread Daniel Gardner
Wednesday, January 16, 2002, 6:45:40 PM, [EMAIL PROTECTED] wrote: > I'm using a nice little GDBM file for authentication. It just stores users > and passwords as SHA1 hashes. When I need to authenticate someone (fewer > than 15 lines in the dbm file) I just tie it and compare the SHA'd user > inp

Re: Security advice: SHA vs crypt for authenticator

2002-01-16 Thread Steven Brooks
On Wednesday 16 January 2002 11:45 am, [EMAIL PROTECTED] wrote: > Hello, > I'm using a nice little GDBM file for authentication. It just stores users > and passwords as SHA1 hashes. When I need to authenticate someone (fewer > than 15 lines in the dbm file) I just tie it and compare the SHA'd user

Security advice: SHA vs crypt for authenticator

2002-01-16 Thread GoodleafJ
Hello, I'm using a nice little GDBM file for authentication. It just stores users and passwords as SHA1 hashes. When I need to authenticate someone (fewer than 15 lines in the dbm file) I just tie it and compare the SHA'd user input against the hex value in the dbm file. (The file is not publicly

Re: formmail.pl security

2002-01-11 Thread Roger Morris
At 12:18 PM 1/11/2002 -0800, Scott Lutz wrote: >I am curious if anyone is familiar with a way to tighten security on >this script? >We am experiencing some sort of script that is exploiting this code, and >am looking for some previous experience here . . > >please Is this th

formmail.pl security

2002-01-11 Thread Scott Lutz
I am curious if anyone is familiar with a way to tighten security on this script? We am experiencing some sort of script that is exploiting this code, and am looking for some previous experience here . . please Scott Lutz Pacific Online Support Phone: 604.638.6010 Fax: 604.638.6020 Toll Free

Re: formmail.pl security

2002-01-11 Thread Curtis Poe
--- Scott Lutz <[EMAIL PROTECTED]> wrote: > I am curious if anyone is familiar with a way to tighten security on > this script? > We am experiencing some sort of script that is exploiting this code, and > am looking for some previous experience here . . > > please >

[OT] Security (was: Passing arrays across forms)

2001-12-12 Thread Etienne Marcotte
se an ending tr tag because I just see a plain blank page even if all the html is in the source. Netscape is not friendly with poor html coders, and even huge websites have bad coding for netscape. Concerning security, The best thing is to keep all server side. If you have a database you keep all info i

Re: Net:SFTP license and security

2001-12-04 Thread Daniel Gardner
ht 2001 Benjamin Trott. All rights reserved. Net::SFTP is free software; you may redistribute it and/or modify it under the same terms as Perl itself. AM> http://search.cpan.org/search?dist=Net-SFTP also the security issues of it AM> i.e is the connection between the client and

Net:SFTP license and security

2001-12-04 Thread Ahmed Moustafa
Hi All, I need documents describing the license of using Net:SFTP http://search.cpan.org/search?dist=Net-SFTP also the security issues of it i.e is the connection between the client and the server is *really* encrypted? Your help will be appreciated so much. --Ahmed Moustafa [EMAIL PROTECTED

Re: CGI scripts security

2001-11-28 Thread Jonathan E. Paton
be my preferred solution. Creating files based on unchecked (anonymous) user input just seems stupid to me. Alternatively setup the script in a chroot environment, which is a little safer. However, if it makes coding easier, and you can afford a few hacks once and a whil

Re: CGI scripts security

2001-11-28 Thread Randal L. Schwartz
>>>>> "Kevin" == Kevin Meltzer <[EMAIL PROTECTED]> writes: Kevin> Never trust anyone over 30 Presuming that's in Hex, sure. :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> http://www.stonehen

Re: CGI scripts security

2001-11-28 Thread Kevin Meltzer
On Wed, Nov 28, 2001 at 08:46:36AM -0800, Randal L. Schwartz ([EMAIL PROTECTED]) said something similar to: > Never trust CGI params. > Never trust CGI params. > Never trust CGI params. I'll add to that: Never trust user input Never trust database data Never trust command line params Never trus

Re: CGI scripts security

2001-11-28 Thread Randal L. Schwartz
mand|\0" instead. I'll leave that up to the guy that's about to visit your site. :) Never trust CGI params. Never trust CGI params. Never trust CGI params. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]

Re: CGI scripts security

2001-11-27 Thread Jonathan E. Paton
- it's a frequently exploited idea. > > That's true but this is not of my primary concern > (there are no crackers with telnet access to the > site :)) That'd make your script a possible target for further defeating your security. Since it probably runs as "nobody"

Re: CGI scripts security

2001-11-27 Thread Matija Papec
"Jonathan E. Paton" <[EMAIL PROTECTED]> wrote: >> something like opening a file, but can somebody >> show me how example below can compromise my website? >> >> open(F, "/home/users/me/web/$in{'NAME'}.ext"); > >What if $in{'NAME'} started with "../../../../tmp/"? > >Now, if in the tmp directory a

Re: CGI scripts security

2001-11-26 Thread Jonathan E. Paton
Hi, > I've read docs on security and I'm aware of that > all user variables should be checked before doing > something like opening a file, but can somebody > show me how example below can compromise my website? > > open(F, "/home/users/me/web/$in{'NAME'

CGI scripts security

2001-11-26 Thread Matija Papec
I've read docs on security and I'm aware of that all user variables should be checked before doing something like opening a file, but can somebody show me how example below can compromise my website? open(F, "/home/users/me/web/$in{'NAME'}.ext"); Does somethin

Re: registry Security permissions.

2001-11-20 Thread Jenda Krynicky
> Is there any way to controll registry security permissions as we can do it > from REGEDT32.exe in NT. This is very Urgent. Please respond if any. > > Thank you very much. > > With Regards > Raju Install Win32::Perms (should be instalable via PPM) Jenda === [EMA

RE: registry Security permissions.

2001-11-16 Thread Aaron Shurts
EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: registry Security permissions. Dear All, Is there any way to control registry security permissions as we can do it from REGEDT32.exe in NT. This is very Urgent. Please respond if any. Thank you very much. With Regards Raju -- To unsubscribe, e

registry Security permissions.

2001-11-15 Thread Veeraraju_Mareddi
Dear All, Is there any way to control registry security permissions as we can do it from REGEDT32.exe in NT. This is very Urgent. Please respond if any. Thank you very much. With Regards Raju -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Re: Security Mechanisms with Perl/Apache on an Hosted Website???

2001-09-25 Thread Bill Jones
On 9/25/01 10:26 AM, "Bill Jones" <[EMAIL PROTECTED]> wrote: > That is a big can of worms... > > There are various ways to get what you want - some better and more secure > than others; but not having root access is not a big deal... > > Something that may help point you in a better direction:

Re: Security Mechanisms with Perl/Apache on an Hosted Website???

2001-09-25 Thread Me
fmteyewtka remote authentication: http://library.smc.edu/rpa.htm > Hey folks, > I'm trying to cobble together some form of authentication mechanism on a > website I am building for a friend. His ISP uses Perl & Apache (it's on a > linux box). I (obviously) don't have root privileges and have lim

Re: Security Mechanisms with Perl/Apache on an Hosted Website???

2001-09-25 Thread Bill Jones
On 9/25/01 11:10 AM, "David Simcik" <[EMAIL PROTECTED]> wrote: > Hey folks, > I'm trying to cobble together some form of authentication mechanism on a > website I am building for a friend. His ISP uses Perl & Apache (it's on a > linux box). I (obviously) don't have root privileges and have limit

Security Mechanisms with Perl/Apache on an Hosted Website???

2001-09-25 Thread David Simcik
Hey folks, I'm trying to cobble together some form of authentication mechanism on a website I am building for a friend. His ISP uses Perl & Apache (it's on a linux box). I (obviously) don't have root privileges and have limited access to the filesystem. What are my options (if any)??? I t

Re: Security

2001-08-03 Thread Peter Scott
>although I am not really knew to programming I never bothered about >security. I know that > >perldoc perlsec > >provides information about security, but I don't understand half of what I >am reading. Does anyone know where I can find good tutorials for begin

Re: Security Question (follow-up question)

2001-07-31 Thread smoot
> Bob Mangold <[EMAIL PROTECTED]> said: > This is somewhat alarming to me because I hadn't realized this potential > before, but is there an easy way to check what is being opened. Would using a > -f() or -d() to verify that you were actually opening a file or directory do > the trick? Be mindfu

RE: Security Question (follow-up question)

2001-07-31 Thread Bob Mangold
ROTECTED]> wrote: > Actually, open is only a security hole if you allow the user to tell you > what to open at the command line. > > i don't have the exact message in front of me, but my guess is that someone > said something like: > > $_=; > open(IN,"$_|"

Re: Security Question

2001-07-31 Thread Brett W. McCoy
On Tue, 31 Jul 2001, Customer Service wrote: > I was reading a reply to a question this morning that stated that the open() > call is a big security hole because someone could put in ";rm -rf ." as the > value for $email. > What does ";rm -rf ." do? Why is

RE: Security Question

2001-07-31 Thread Mooney Christophe-CMOONEY1
Actually, open is only a security hole if you allow the user to tell you what to open at the command line. i don't have the exact message in front of me, but my guess is that someone said something like: $_=; open(IN,"$_|"); In which case if the user entered 'rm -rf /'

RE: Security Question

2001-07-31 Thread Mooney Christophe-CMOONEY1
'rm -rf .' is a unix command that removes everything in the current directory PERMANENTLY and UNCONDITIONALLY -Original Message- From: Customer Service [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 31, 2001 9:44 AM To: Perl Beginners Subject: Security Question Dear Sirs,

Security Question

2001-07-31 Thread Customer Service
that stated that the open() call is a big security hole because someone could put in ";rm -rf ." as the value for $email. What does ";rm -rf ." do? Why is it so dangerous? Nathan Garlington [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>

Re: Perl Security

2001-06-19 Thread Jos Boumans
I am interested in creating a reusable module that allows my scripts to have >pretty good security. I just don't know how i would go about encrypting passwords. >Please help > > Thanks

Perl Security

2001-06-18 Thread jonathan
Hi, I am interested in creating a reusable module that allows my scripts to have pretty good security. I just don't know how i would go about encrypting passwords. Please help Thanks
