hwg-techniques archives Jan 2000 new search results previous next

Re: Collecting Browser strings

by "Peter Newton" <c-newton(at)ihug.co.nz>

 Date:  Mon, 3 Jan 2000 10:02:08 +1300
 To:  <hwg-techniques(at)hwg.org>
  todo: View Thread, Original 
Hello Shaun,
Sorry for that implication Shaun re: "view list not working!" I was just
being lazy and saving myself sending a seperate email. I also validated my
script and found an error which could have been the cause.
Thanks for the tip on the -t option I'll read it up, I imagine all I need to
do is put:-

#!/usr/bin/perl -t       (or wherever the path to the perl program is)


as the 1st line of the script.


Many Thanks
Peter Newton


On 2 Jan 00, at 12:23, Peter Newton wrote:

> Yep I don't mind (gulp) displaying the 2 perl scripts.

Kind of you.  I like to see how other folks approach various
problems.  Invariably, I'm able to glean a lesson from doing it.

> One question first though is that while the script is on line
> could someone successefully view the script details that I will
> send with the intent to breach security on to my site or even worse
> the server???

I'm just starting to read a little about security issues.  One thing I've
seen recommended is to add taintedness by using the -T switch
with the perl interpretter.  Doing so prevents data received from
outside the script being used in a way that could allow it to interact
with the server (such as strings sent in a form, in which some
malicious goob could send server side includes to try to mess with
the server and such as that).  Checking for the '#' symbol in
returned params would also be a good idea, I think.

> Also re: "VIEW LIST NOT WORKING!" entry  I've included an extra line
> which points to an html file containing the list info. I will update
> it manually for you. I noticed that you are the only Netscape 4.5
> browser on the list so Could anyone else let me know if the view list
> link on the entry form doesn't work.

Well, I just viewed the list and saw the entry you're talking about,
but it weren't me. ;-)  Mine's the 4.08 Nav-only entry a few lines up
from there.  I believe I have the only 4.08, the only Opera, and the
only IE5.5 at the moment, though, which I find interesting.  Course,
IIRC, all of the NC's after 4.08 use that version of the Navigator.

And hoowaa! to whomever is the proud lynx user in the list!  I have
that one installed, also, but I forgot. ;-)

Happy new year!


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1 -- QDPGP 2.60
Comment: Keys at http://arch.iwarp.com/mypgp.html

iQCVAwUBOG9E8iEw9uEAOtM/AQG0qQP9GqnXtIXN2fC3yNjOoN50BuvReAAIQ+mr
J1vPhcL+JtpuXvfYZc/3jYHHdpwAghMhu5GYqgVEgzwOmGiYb1dlQpSz0RkAhSWd
4CD2EhtVOHnmZTsqtjhZnthcnBDnqnr8O5+Zoy0ANB4R0y4GypOpXRJXB2uhT1kk
KY+ymzpsL3o=
=dJuV
-----END PGP SIGNATURE-----

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA