Re: CGI Perl Security

2001-07-25 Thread Sam Couter
Tamas TEVESZ <[EMAIL PROTECTED]> wrote:
>
> DOCUMENT_ROOT is set by the server, so it's just unnecessary
> overhead. you can of course do that, but if you don't trust your
> webserver, why are you running it at the first place ? :>

If you don't have taint mode on when coding perl scripts that mu

Re: CGI Perl Security

2001-07-25 Thread Tamas TEVESZ
On Wed, 25 Jul 2001, Jason Thomas wrote:
> not that I know of, but I would suggest turning on tainted mode and
> passing all external variables through a regex.

, those that are set by the client. DOCUMENT_ROOT is set by the server, so it's just

Re: CGI Perl Security

2001-07-24 Thread Jason Thomas
not that I know of, but I would suggest turning on tainted mode and passing all external variables through a regex.

    my $documentRoot = $ENV{"DOCUMENT_ROOT"};
    if (defined($documentRoot)) {
        # untaint documentRoot; a list-context match yields undef on
        # failure, so a stale $1 from an earlier match is never used
        ($documentRoot) = $documentRoot =~ m#^([\w_./+:-]+)$#;
    }

or

CGI Perl Security

2001-07-24 Thread Leonard Leblanc
Hello Everyone, I'm not quite sure if this is the right place to be posting this, but I am using Debian and it is a security related question. We are currently developing a new website with perl that consists of using the HTML::Template module. In the beginning of this script there are multip
