Mark,
Thanks for the link to the perl site on Taint. I will be testing out
some perl settings.
Mike
At 02:59 PM 4/4/2007, you wrote:
On Wed, Apr 4, 2007 14:32, Mike Cossaboon <[EMAIL PROTECTED]> wrote:
I am running Tomcat 5.5.17 on Solaris 10 with Perl 5.8.4 installed.
I start my perl cgis with:
#!/usr/bin/perl -T
The -T is for Taint mode which I do to make the cgis more secure.
With a -T option, the web page is displayed with no text from my
print statements. If I remove the -T the perl cgis work fine. I
would like to keep the -T option. Is there a way to configure
Tomcat to accept Taint mode perl cgis?
The problem is almost certainly not with Tomcat. What is likely
happening is that the Perl interpreter is exiting with a fatal error
when the CGI you are trying to run tries to do something insecure.
(This error would usually be sent to your CGI's STDERR filehandle as
plain text). The solution is to either rewrite the insecure code in
the CGI to make it secure, or to tell Perl that it is OK for the
code to perform potentially insecure operations by *not* running the
CGI in Taint mode.
The essential point to keep in mind is this: -T does not make your
CGIs more secure, it just terminates your CGI if it tries to do any
of the bad things that "-T" checks for.
For more information, see http://perldoc.perl.org/perlsec.html
Mark Montague
ITCS Web/Database Production Team
The University of Michigan
[EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
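The behaviour Mark describes, as an added example that is not part of the original thread: a taint-mode CGI in which perl refuses a tainted file name with a fatal error (trapped here so the message is visible in the page), followed by the allow-list untainting that lets the same operation pass. The `name` parameter, the `/tmp` log directory and the script name are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread.
# Try it offline with: QUERY_STRING='name=weekly' perl -T taint_demo.cgi
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; start perl with -T\n" unless ${^TAINT};

$| = 1;
print "Content-Type: text/plain\n\n";   # header first, so later messages reach the browser

# The inherited environment is tainted: pin PATH and drop the variables
# perlsec lists, so that running an external command would not be fatal.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# CGI request data arrives in the environment, so it is tainted too.
# split() keeps the taint flag; only regex captures clear it.
# (No URL decoding here, to keep the example short.)
my $query = defined $ENV{QUERY_STRING} ? $ENV{QUERY_STRING} : '';
my %param = map { my ($k, $v) = split /=/, $_, 2; ($k => defined $v ? $v : '') }
            grep { length } split /[&;]/, $query;
my $raw = defined $param{name} ? $param{name} : '';
unless (tainted($raw)) { print "no name parameter supplied\n"; exit 0; }

my $log_dir = '/tmp';   # hypothetical directory for this example

# 1. Tainted value in the name of a file opened for writing. perl dies
#    at the open; without the eval the CGI would stop at this line.
my $ok = eval {
    open(my $fh, '>>', "$log_dir/$raw.log") or die "open failed: $!\n";
    close $fh;
    1;
};
print "refused: $@" unless $ok;

# 2. Validate against an allow-list; the captured $1 is untainted.
if ($raw =~ /\A([A-Za-z0-9_-]{1,32})\z/) {
    my $name = $1;
    open(my $fh, '>>', "$log_dir/$name.log") or die "open failed: $!\n";
    print {$fh} scalar(localtime), " request logged\n";
    close $fh;
    print "wrote $log_dir/$name.log\n";
} else {
    print "rejected name parameter\n";
}
```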