hwg-languages archives | Mar 2000 | new search | results | previous | next |
Script Securityby Zachary Johnson <zachary(at)zacharyjohnson.com> |
|
To all, [I was unable to find a FAQ for this discussion list -- does HWG, or anyone else, maintain one?] PREAMBLE Someone posted a page she saw (Nancy?) regarding script security, specifically regarding the hacking scripts by inserting includes or script code into form fields and submitting them, and this led me wonder: do most programmers have a minimum chunk of code they include in *every* script to deal with security, or is validation of user-submitted content generally regarded as a niceity, but one which generally gets passed over to keep programming time/file size/etc. down? THE BIG QUESTION If most programmers absolutely secure all of their scripts: (a) what are the security holes they plug, and (b) how do they plug them? WHY I ASK I ask this question for the benefit of us reletive newbies to perl programming in particular (though the same issues no doubt more or less equally to ASP, CF, PHP, etc.). Let the wisdom flow. Zack
HWG: hwg-languages mailing list archives, maintained by Webmasters @ IWA