guestbook in "Learning Perl", 2nd Ed. 

Hi

I am trying to modify the guestbook program given on p. 198 of the new
edition of Learning Perl by Schwartz & Christiansen.  I am concerned
about security for my cgi-bin directory which is being run under my user
name.  Consequently I want to check for meta-characters and other nasties
being entered into my guestbook.  The Perl syntax for the checking
routine is not a problem, I just cannot seem to find the right variable
to check.  I suspect that I am not as familiar with some of the objects
used in this program as I ought to be.

The folks at O'Reilly suggested that I do this in lieu of e-mailing the
authors.

I appreciate any help that you can give.  E-mail preferred.

MLD

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<>   Mike Denniston, Assoc Prof, Chemistry             <>  
<>   DeKalb College CD1143                             <>
<>   555 N. Indian Creek Dr., Clarkston, GA 30021      <>
<>   Phone [404]-299-4097, 298-3913 FAX [404]-298-3833 <>      


<><><><><><><><><><><><><><><><><><><><><><><><><><><><><>



Fri, 07 Apr 2000 03:00:00 GMT  



Quote:
>I am trying to modify the guestbook program given on p. 198 of the new
>edition of Learning Perl by Schwartz & Christiansen.  I am concerned
>about security for my cgi-bin directory which is being run under my user
>name.  Consequently I want to check for meta-characters and other nasties
>being entered into my guestbook.  

It would be better to run perl -T and to read and understand _The
World Wide Web Security FAQ_
(http://www.genome.wi.mit.edu/WWW/faqs/) than just to check for
meta-characters.

Quote:
>The Perl syntax for the checking
>routine is not a problem, I just cannot seem to find the right variable
>to check.  I suspect that I am not as familiar with some of the objects
>used in this program as I ought to be.

Then please ask about the specific stuff you don't understand.  The
point of that chapter is not to give you a nifty guest book script,
but for you to learn and understand something.  If you haven't
already, please read the book from cover to cover and then try to play
with the last chapter.

Quote:
> E-mail preferred.

I prefer Usenet, but often do use both.

HTH

Faust Gertz
Philosopher at Large

"If only you had plead guilty!  We can manage the guilty - it is
the innocent who escape us, who cause nothing but anarchy" --
 Jean Cocteau's _Bacchus_



Fri, 07 Apr 2000 03:00:00 GMT  
========= WAS CANCELLED BY =======:

Rogue cancel from Michael Enlow, X-Cancelled-by etc. are forged.
Further information can be acquired at http://www.sputum.com/ucepage.htm
You can express your displeasure with Mr. Enlow by contacting him at:


Newsgroups: comp.lang.perl.misc
Path: ...!news.tamu.edu!newshost.comco.com!news.altair.com!uwvax!uwm.edu!vixen.cso.uiuc.edu!howland.erols.net!news-peer.gsl.net!news-tokyo.gip.net!news.gsl.net!gip.net!nspixp!newsfeed.btnis.ad.jp!newsfeed1.btnis.ad.jp!news.fsinet.or.jp!ubc.co.jp!nobody




X-No-Archive: Yes


Organization: UBC
Date: Tue, 21 Oct 1997 00:26:31 GMT
Lines: 2

This article cancelled within Tin.



Fri, 07 Apr 2000 03:00:00 GMT  
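
The reply's advice to run under perl -T instead of only checking for meta-characters, shown as an added example (not part of the original posts and not the book's guestbook program). The field names, the name pattern and the sample submissions are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: taint mode plus allow-list validation for guestbook fields.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, $0 and $^X are tainted; appending a zero-length slice of them
# marks the constructed sample values as tainted, the way real form input
# (STDIN, %ENV) would be.
my $TAINT = substr("$0$^X", 0, 0);

# Constructed sample submissions (hypothetical field names).
my @submissions = (
    { name => "Mike Denniston", message => "Nice page!" },
    { name => "bob; ls -l |",   message => "hello" },
    { name => "Ann",            message => "<script>alert(1)</script>" },
);

# Allow-list check: return the captured (untainted) value or undef.
# Only a regex capture clears the taint flag, so the pattern is the policy.
sub clean_name {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z][A-Za-z .'-]{0,39})\z/ ? $1 : undef;
}

# Escape HTML so a stored message is displayed as text, not markup.
sub escape_html {
    my ($text) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $text =~ s/([&<>"])/$ent{$1}/g;
    return $text;
}

for my $s (@submissions) {
    my $raw  = $s->{name} . $TAINT;          # simulate tainted form input
    my $name = clean_name($raw);
    printf "%-18s tainted=%d -> %s\n", "'$s->{name}'", tainted($raw) ? 1 : 0,
        defined $name ? "accepted, tainted=" . (tainted($name) ? 1 : 0)
                      : "rejected";
    next unless defined $name;
    print "  entry: <b>", escape_html($name), "</b>: ",
        escape_html($s->{message} . $TAINT), "\n";
}
```

Run it as `perl -T script.pl` or execute the file directly; perl refuses to start if -T appears only on the #! line. Taint mode blocks tainted values from reaching open-for-write, system, exec and similar calls, but it does not check what is printed, which is why the message is escaped separately.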
 