
FAQ 9.13: How do I make sure users can't enter values into a form that cause my CGI script to do bad things?
(This excerpt is from perlfaq9 - Networking
($Revision: 1.25 $, $Date: 1999/04/14 03:46:19 $),
part of the standard set of documentation included with every
valid Perl distribution, like the one on your system.
See also http://www.*-*-*.com/
if your negligent system administrator has been remiss in his duties.)
How do I make sure users can't enter values into a form that cause my CGI script to do bad things?
Read the CGI security FAQ, at
http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html, and the
Perl/CGI FAQ at http://www.*-*-*.com/
In brief: use tainting (see the perlsec manpage), which makes sure
that data from outside your script (e.g. CGI parameters) are never
used in `eval' or `system' calls until you have explicitly untainted
them. In addition to tainting, never use the single-argument form of
system() or exec(). Instead, supply the command and arguments as a
list, which bypasses the shell and so prevents globbing and
metacharacter interpretation.
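The two pieces of advice above put together in one small CGI script. This is an added illustration, not code from perlfaq9: the form field name `word`, the wordlist path and the use of grep are assumptions made for the example.

```perl
#!/usr/bin/perl -T
# Added example (not from perlfaq9): taint mode, explicit untainting of a
# form parameter, and the list form of system().
use strict;
use warnings;
use CGI qw(param header);

# perlsec: under -T, external commands will not run until PATH is
# trustworthy, and these variables can change how a shell behaves.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumption for this example: the form sends a 'word' field and the
# script checks whether it appears in a fixed wordlist (hypothetical path).
my $wordlist = '/usr/share/dict/words';

print header('text/plain');

my $raw = param('word');      # tainted: it came from the request
$raw = '' unless defined $raw;

# Untaint by extracting only what we explicitly allow: letters, digits,
# underscore and hyphen, 1 to 32 characters. Anything else is rejected
# rather than "cleaned up". The capture ($1) is the untainted copy.
my ($word) = $raw =~ /^([A-Za-z0-9_-]{1,32})\z/
    or do { print "Rejected: parameter does not match the allowed form.\n"; exit 0 };

# List form of system(): the program and each argument go straight to
# execve(), so no shell ever sees $word and no globbing, quoting or
# metacharacter interpretation takes place. The '--' tells grep that the
# next argument is the pattern even if it happens to begin with '-'.
#
# The single-argument form system("grep $word $wordlist") would hand the
# whole string to /bin/sh; with -T it would also die with an "Insecure
# dependency" error if $raw had been used without the regex above.
my $status = system('/usr/bin/grep', '-q', '-i', '-x', '--', $word, $wordlist);

if ($status == -1) {
    print "Could not run grep: $!\n";
} elsif ($status >> 8 == 0) {
    print "Found.\n";
} elsif ($status >> 8 == 1) {
    print "Not found.\n";
} else {
    printf "grep failed with exit status %d\n", $status >> 8;
}
```

Because -T is on the shebang line, the script must be started by the web server (or as `perl -T script.cgi`); running it as plain `perl script.cgi` fails with "Too late for -T".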
--
"Unix isn't fun anymore" -- Rob Pike.