--- Mary Anderson <[EMAIL PROTECTED]> wrote:
> Are there things I should be doing, besides not running on Windows
> and IIS, to make my application more secure? I am careful to
> timestamp every row in every table in case some malicious nonsense
> is done and I have to clean up the mess.

Hi Mary,

Glad you're thinking about security early. Too many folks don't. I have a brief introduction to CGI security at http://users.easystreet.com/ovid/cgi_course/lessons/lesson_three.html. It's not complete, but it covers the basics (there are a lot of things about cookies which I should have covered, but didn't).

Here's an article about XSS (cross-site scripting attacks): http://www.perl.com/pub/a/2002/02/20/css.html

You can also read Randal Schwartz's article about basic cookie management: many cookie security holes just go away if you follow what he lays out.

Cheers,
Ovid

--
If this message is a response to a question on a mailing list, please send follow up questions to the list.
Web Programming with Perl -- http://users.easystreet.com/ovid/cgi_course/