Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > Web form CGI, Security?

Reply
Thread Tools

Web form CGI, Security?

 
 
one man army
Guest
Posts: n/a
 
      10-26-2005
I would like to generate a few simple web forms. Is the Perl CGI, and a
cgi-enabled directory, a huge security hole?

I read the lines that say to disable upload, and limit the size of a
POST.

I'm asking my host to install CGI, although I know he is security
conscious.

thanks for your informed opinions
 
Reply With Quote
 
 
 
 
Gunnar Hjalmarsson
Guest
Posts: n/a
 
      10-26-2005
one man army wrote:
> I would like to generate a few simple web forms. Is the Perl CGI, and a
> cgi-enabled directory, a huge security hole?


Together with clueless programmers: Yes.

> I read the lines that say to disable upload, and limit the size of a
> POST.
>
> I'm asking my host to install CGI, although I know he is security
> conscious.


Then convince them that you aren't clueless (´cause you aren't, are you?).

To be safe, you can for instance study
http://www.w3.org/Security/Faq/www-security-faq.html

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
 
Reply With Quote
 
 
 
 
xhoster@gmail.com
Guest
Posts: n/a
 
      10-26-2005
one man army <(E-Mail Removed)> wrote:
> I would like to generate a few simple web forms. Is the Perl CGI, and a
> cgi-enabled directory, a huge security hole?


If you have to ask if it is a security hole, then in your hands it will
be a security hole. Read the CGI security FAQs on the web, and perldoc
perlsec.

>
> I read the lines that say to disable upload,


If you don't need uploads, sure. If you do need upload, then you probably
shouldn't disable it.

> and limit the size of a
> POST.


I good idea if there is a clear limit to how big a legitimate post
can be.

>
> I'm asking my host to install CGI, although I know he is security
> conscious.


In that case, he should be able to provide you with much more
custom-tailored advice than we can.

Xho

--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service $9.95/Month 30GB
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to retrieve form field value if form is EncType=multipart/form-dataForm? Li Zhang ASP .Net 4 02-27-2009 01:23 AM
passing values from one web form to another web form bbawa1@yahoo.com ASP .Net 5 06-12-2007 05:50 AM
<form>...</form> - how to supress blank space after </form> in IE? rob c Javascript 4 12-30-2005 06:10 PM
Another basic question: How to call and show one Web Form from another Web Form? Rob R. Ainscough ASP .Net Web Controls 3 06-14-2005 03:56 PM
passing arguments from web-form to win-form Mart Rogers ASP .Net 3 07-09-2003 07:18 AM



Advertisments