Script Security

To all,

[I was unable to find a FAQ for this discussion list -- does HWG, or anyone
else, maintain one?]

PREAMBLE

Someone posted a page she saw (Nancy?) regarding script security,
specifically regarding the hacking scripts by inserting includes or script
code into form fields and submitting them, and this led me wonder: do most
programmers have a minimum chunk of code they include in *every* script to
deal with security, or is validation of user-submitted content generally
regarded as a niceity, but one which generally gets passed over to keep
programming time/file size/etc. down?


THE BIG QUESTION

If most programmers absolutely secure all of their scripts: (a) what are
the security holes they plug, and (b) how do they plug them?


WHY I ASK

I ask this question for the benefit of us reletive newbies to perl
programming in particular (though the same issues no doubt more or less
equally to ASP, CF, PHP, etc.).

Let the wisdom flow.

Zack

HWG: hwg-languages mailing list archives, maintained by Webmasters @ IWA