I can't say how others do it, but almost every one of my scripts starts with:
if ($ENV{'HTTP_REFERER'} !~ /yourdomain.com/) {
    exit;
}
It helps eliminate the Bad Guys' forms shoving data in (no remote postings
allowed).
Sorry to differ, but it does not. HTTP_REFERER is set by the client.
inputErrorHandler($foo) unless testInput($foo);
Sorry for the typo. ;) Of course inputErrorHandler() is up to you to create.
--
Shaun Fryer
http://sourcery.ca/
ph: 416-544-9461
To unsubscribe, e-mail: [EMAIL PROTECTED]
Hello,
Is the following all I need to untaint data?
#!/usr/bin/perl
use CGI qw/:standard/;
my $name = param('name');
$name =~ s/(\w+)/$1/;
What can I do to limit the string length to 40 characters?
Thanks,
Dave
(kora musician / audiophile / webmaster @ www.coraconnection.com / Ft. Worth,
David Gilden wrote:
Is the following all I need to untaint data?
#!/usr/bin/perl
use CGI qw/:standard/;
my $name = param('name');
$name =~ s/(\w+)/$1/;
That does not untaint anything.
What you need to do to learn about taint mode is read the applicable
docs:
perldoc perlsec
- Original Message -
From: David Gilden [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 10, 2004 11:49 PM
Subject: untainting data
On Wednesday, November 10, 2004, at 04:02 PM, Sara wrote:
If the 'name' is coming from a Form, try limiting it within the form
tags,
it's always a better idea.
I thought (correct me if I'm wrong here - I'm no expert)
that you want to do this at both ends
because the bad guys can always
Sara wrote:
If the 'name' is coming from a Form, try limiting it within the form
tags, it's always a better idea.
<input type=text name=name MAXLENGTH=40>
Better!? Nope. It may be a convenient *supplement*, so that people don't
need to unnecessarily type a string that the script immediately rejects,
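The two points made above (the perlsec advice to untaint only via a regex capture, and the advice that MAXLENGTH in the form is a courtesy while the real limit must be enforced in the script) as one added worked example. This is not code from the thread or from any poster; the stand-in input, the allowed character set for a "name" field and the script name are assumptions, and it uses only core modules (Scalar::Util). Run it as `perl -T untaint_name.pl` so taint mode is on.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run it as: perl -T untaint_name.pl
# It shows why s/(\w+)/$1/ leaves the value tainted, and how to untaint a
# form field while enforcing the 40-character limit on the server.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for param('name'). Under -T every %ENV value is
# tainted, and appending a zero-length slice of one taints the result,
# the same way real CGI input would be tainted. (%ENV is assumed non-empty.)
my $taint = substr(join('', values %ENV), 0, 0);
my $raw   = "Dave" . $taint;
printf "raw input tainted?               %s\n", tainted($raw) ? "yes" : "no";

# What the original post does: $1 itself is clean, but it is spliced back
# into the still-tainted string, so the result stays tainted.
my $attempt = $raw;
$attempt =~ s/(\w+)/$1/;
printf "after s/(\\w+)/\$1/ tainted?       %s\n", tainted($attempt) ? "yes" : "no";

# What perlsec recommends: match the *whole* value against an anchored
# pattern and use only the captured group. The {1,40} bound is the real
# length limit; MAXLENGTH in the form is only a courtesy to the user.
# The allowed set (word chars, space, dot, apostrophe, hyphen) is an
# assumption about what a "name" field should accept.
sub untaint_name {
    my ($in) = @_;
    return unless defined $in;
    return unless $in =~ /\A([\w .'-]{1,40})\z/;
    return $1;    # referencing a capture is the documented way to untaint
}

my $name = untaint_name($raw);
if (defined $name) {
    printf "validated '%s' tainted?          %s\n", $name, tainted($name) ? "yes" : "no";
} else {
    print "input rejected\n";
}

# Overlong input is rejected outright rather than truncated, so a client
# that ignores MAXLENGTH gains nothing; the same goes for shell
# metacharacters, which the character class never admits.
for my $bad (("A" x 41) . $taint, "dave; rm -rf /" . $taint) {
    printf "%-32s -> %s\n", "'$bad'",
        defined untaint_name($bad) ? "accepted" : "rejected";
}
```

Rejecting rather than truncating matters: silently cutting a value to 40 characters still hands the script whatever the client chose for those 40 characters, whereas a failed anchored match tells you the client did not go through your form at all.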
From: B McKee [EMAIL PROTECTED]
To: Sara [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 2:13 AM
Subject: Re: untainting data
Sara wrote:
bad guys can always create their own form
I can't say how others do it, but almost every one of my scripts starts with:
if ($ENV{'HTTP_REFERER'} !~ /yourdomain.com/) {
    exit;
}
It helps eliminate the Bad Guys' forms shoving data in (no remote
postings allowed).
You do know that
Sara wrote:
bad guys can always create their own form
I can't say how others do it, but almost every one of my scripts starts with:
if ($ENV{'HTTP_REFERER'} !~ /yourdomain.com/) {
    exit;
}
It helps eliminate the Bad Guys' forms shoving data in
Really?
use HTTP::Request::Common 'POST';
use
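The point of the "Really?" reply above, and of the earlier "HTTP_REFERER is set by the client" reply, spelled out as an added example; it is not code from the thread or from any poster. It builds the forged POST offline with HTTP::Request::Common (from libwww-perl, not core) and then runs the thread's referer check against a hash standing in for the %ENV a web server would populate. The domain, URL and field name are placeholders.

```perl
#!/usr/bin/perl
# Added example (not code from the thread): why $ENV{HTTP_REFERER} cannot
# gate "remote postings". A client chooses every header it sends, so any
# script can POST with exactly the Referer the check expects.
use strict;
use warnings;
use HTTP::Request::Common qw(POST);

# The check from the thread, with the env var name spelled correctly.
# $env is a hash ref standing in for %ENV as the web server populates it.
sub referer_allows {
    my ($env) = @_;
    return (($env->{HTTP_REFERER} // '') =~ /yourdomain.com/) ? 1 : 0;
}

# A forged POST built offline (nothing is sent; LWP::UserAgent->request
# would deliver it). The Referer is whatever the sender puts there, and
# the body ignores any MAXLENGTH the real form carried.
my $req = POST 'http://yourdomain.com/cgi-bin/script.pl',
    Referer => 'http://www.yourdomain.com/form.html',
    Content => [ name => 'A' x 5000 ];

print $req->as_string;    # the Referer header the server will see

# On the server, CGI exposes that header as $ENV{HTTP_REFERER}: the check
# passes for the forged request and fails for a legitimate visitor whose
# browser or proxy strips Referer.
my %forged     = (HTTP_REFERER => $req->header('Referer'));
my %no_referer = ();

printf "forged request passes:    %s\n", referer_allows(\%forged)     ? "yes" : "no";
printf "referer-less user passes: %s\n", referer_allows(\%no_referer) ? "yes" : "no";
```

The same header check also accepts any Referer that merely contains the string, since the pattern is unanchored and the dot is unescaped; but even an exact match would prove nothing, because the value originates on the client side.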