Richard Morse wrote:
On Jul 11, 2005, at 4:16 PM, lorid wrote:
Just curious
I found thisline in a sample perl program (which created a simple web
page)
line:
delete @ENV{'BASH_ENV', 'CDPATH', 'ENV', 'IFS', 'PATH', 'SHELL'}; #
For security.
could someone tell me if I should include this on all web pages I
create and if so why?
Although I may be wrong, I would only include this if you intend to use
any of the environment variables in question -- delete them and reset
them to a sane value. Note that calls to system and using the qx (or
backticks) operator will make use of these values.
which is why perldoc perlsec recommends deleting them.
_______________________________________________
Perl-Win32-Users mailing list
Perl-Win32-Users@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
