CGI and Security
Putting up a CGI script means that
- anyone, anywhere can execute your script
- they can give it any data they like
If you are not careful how data is used ...
Always run Perl CGI scripts in "taint" mode
- generates an error if tainted data is used unsafely
Tainted data = any CGI parameter
Unsafely = in system-type operations (e.g. `...` )
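
Added example, not part of the original slides: a Perl script run in taint mode, showing the error raised when a CGI parameter reaches backticks and the allow-list capture that untaints it. The parameter name "user", the id command and the user-name pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the original slides). Run from a shell as:
#   QUERY_STRING='user=alice' perl -T lookup.cgi
# Assumptions: parameter "user", the id command, the user-name pattern.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode will not run external commands with an inherited environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Everything sent by the client is tainted, QUERY_STRING included.
# split() keeps the taint; only regex captures remove it.
# (URL-decoding is omitted to keep the example short.)
my %param = map {
    my ($k, $v) = split /=/, $_, 2;
    ($k, $v // '');
} split /[&;]/, ($ENV{QUERY_STRING} // '');
my $raw = $param{user} // '';

print "Content-Type: text/plain\n\n";
printf "parameter tainted: %s\n", tainted($raw) ? 'yes' : 'no';

# Unsafe use: Perl dies before the shell ever sees the value.
eval { my $out = `id $raw`; 1 }
    or print "backticks blocked: $@";

# Safe use: match the whole value against an allow-list pattern and
# use the capture, which Perl treats as untainted.
if ($raw =~ /\A([a-z_][a-z0-9_-]{0,31})\z/) {
    my $user = $1;
    print "untainted value tainted: ", (tainted($user) ? 'yes' : 'no'), "\n";
    print `id $user`;
} else {
    print "rejected: parameter is not a plain user name\n";
}
```

A capture only untaints what its pattern allows, so a permissive pattern such as (.*) silences the taint error without making the value safe.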