> inputErrorHandler($foo) unless testInput($foo);
Sorry for the typo. ;) Of course inputErrorHander() is up to you to create.
--
Shaun Fryer
http://sourcery.ca/
ph: 416-544-9461
> I can't say how others do it but almost my every script starts with:
>
> if ($ENV{'HTTP_REFERER'} !~ /yourdomain.com/) {
> exit;
> }
>
> it helps eliminate Bad Guys' forms & shoving of data (no remote postings
> allowed).
Sorry to differ, but it does not. The HTTP_REFERER is set by the cl
Sara wrote:
bad guys can always create their own form
I can't say how others do it but almost my every script starts with:
if ($ENV{'HTTP_REFERER'} !~ /yourdomain.com/) {
exit;
}
it helps eliminate Bad Guys' forms & shoving of data
Really?
use HTTP::Request::Common 'POST';
use LWP::User
No I don't know, can you please explain.
How can it be spoofed? I am interested in details.
- Original Message -
From: "Bob Showalter" <[EMAIL PROTECTED]>
To: "'Sara'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, N
Sara wrote:
> > > > bad guys can always create their own form
>
> I can't say how others do it but almost my every script starts with:
>
> if ($ENV{'HTTP_REFERER'} !~ /yourdomain.com/) {
> exit;
> }
>
> it helps eliminate Bad Guys' forms & shoving of data (no remote
> postings allowed).
You
.
- Original Message -
From: "B McKee" <[EMAIL PROTECTED]>
To: "Sara" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, November 11, 2004 2:13 AM
Subject: Re: untainting data
>
> On Wednesday, November 10, 2004, at 04:02 PM, Sara wrot
Sara wrote:
If the 'name' is coming from a Form, try limiting it within the form
tags, it's always a better idea.
Better!? Nope. It may be a convenient *supplement*, so that people don't
need to unnecessarily type a string that the script immediately rejects,
but please note that people can submit
On Wednesday, November 10, 2004, at 04:02 PM, Sara wrote:
If the 'name' is coming from a Form, try limiting it within the form
tags,
it's always a better idea.
I thought (correct me if I'm wrong here - I'm no expert)
that you want to do this at both ends
because the bad guys can always create
Original Message -
From: "David Gilden" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 10, 2004 11:49 PM
Subject: untainting data
Hello,
Is the following all I need to untaint data?
#!/usr/bin/perl
use CGI qw/:standard/;
my $name = param(
David Gilden wrote:
Is the following all I need to untaint data?
#!/usr/bin/perl
use CGI qw/:standard/;
my $name = param('name');
$name =~ s/(\w+)/$1/;
That does not untaint anything.
What you need to do to learn about tainted mode is reading the
applicable docs:
perldoc perlsec
What can I do
Hello,
Is the following all I need to untaint data?
#!/usr/bin/perl
use CGI qw/:standard/;
my $name = param('name');
$name =~ s/(\w+)/$1/;
What can I do to limit string length to 40 characters?
Thanks,
Dave
(kora musician / audiophile / webmaster @ www.coraconnection.com / Ft. Worth,
TX