CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner:
Not used characters in file name!

 



mmcw
User

Dec 4, 2000, 8:48 AM

Post #1 of 2 (171 views)
Not used characters in file name! Can't Post

I have a few questions:

1: What characters may or can not be used in file names?

2: What characters can course problems in perl when used in input fields with will be used as an input in a script.

3: What character should be stripped from the a input fields that use as an input for an script that can be used to abuse the script. Or worse your server.


sleuth
Enthusiast

Dec 5, 2000, 10:42 AM

Post #2 of 2 (171 views)
Re: Not used characters in file name! [In reply to] Can't Post

 
Well, stuff like "|\^$@!~`*" all means something in regular expressions, so I asume that if you preform a regex on what someone sent to your script and one of thoses characters was in there, then they might cause an internal server error, or worse yet actually do something nasty to the data you were trying to manip. I haven't done any tests yet, but now I will just to see. Also, depending on what you use to separate your fields, maybe a pipe, if they put a pipe in the input field and you write that to your data base, that record is then corrupted, because the fields wouldn't in the same order as the rest of the records.

According to Corel's Paradox, the world would be comming to an end and the whole data base would be totally un-usable.

As far as someone messing up your server by way of input field, I think you have to be running system or eval commands for something like that to happen, but that's something I don't have expirience with, you'll just have to search around for some security docs. There are a ton of cgi-security docs out there.

Sleuth

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives