CGI/Perl Guide | Learning Center | Forums | Advertise | Login Site Search: in Perl Guide PerlGuru Forums Learning Ctr

	MAIN INDEX	SEARCH POSTS	WHO'S ONLINE	LOG IN

Home: Perl Programming Help: Advanced: Perl Security

edesign Deleted Jun 15, 2000, 3:42 PM Post #1 of 4 (2594 views) Perl Security Can't Post Hello! My name is Daniel and I have a question about the security of a perl script system I am using. Currently, when users create an account on my site, the script creates a txt file with all of their information. Is that safe? And if not, how else could I do it? Thanks! -Daniel

TheGame+ Deleted Jun 16, 2000, 3:04 AM Post #2 of 4 (2594 views) Re: Perl Security [In reply to] Can't Post A couple of questions you might want to think about : 1. are you using file locking to prevent the file from being corrupted if two people sign up at the same time ? 2. are you making sure people can't input data that might corrupt the text file (e.g. with newlines) ? 3. is your text file located outside the web root of your server, or at least not readable from the web ? 4. do you take regular back-ups of your text file ? 5. do you have an administration tool for managing your user accounts, and is it secure ? 6. do you store credit card information, and if so, did you follow the rules of your merchant account (if any) in terms of security, encryption etc. ? 7. do other people have access to your server, and if so, what have you done to protect the privacy of your users ? And some other considerations, depending on what this is used for : should people only be able to register from your site, how do you prevent double entries (accidental or not), etc.

edesign Deleted Jun 18, 2000, 4:43 PM Post #3 of 4 (2594 views) Re: Perl Security [In reply to] Can't Post Sorry about the double post Jasmine... although, I didn't do it. Just to clear things up -Daniel [This message has been edited by edesign (edited 06-18-2000).]

errr Deleted Jul 5, 2000, 7:53 PM Post #4 of 4 (2594 views) Re: Perl Security [In reply to] Can't Post On the grounds that you're asking such a vague and clueless question, the answer is this: anything _you_ write is insecure and a liability to the system. read the security faq at http://www.perl.com/pub/doc/FAQs/cgi/www-security-faq.html

Announcements     PerlGuru Announcements Perl Programming Help     Frequently Asked Questions     Beginner     Intermediate     Advanced     Regular Expressions     mod_perl     DBI     Win32 Programming Help Fun With Perl     Perl Quizzes - Learn Perl the Fun Way     Perl Golf     Perl Poetry Need a Custom or Prewritten Perl Program?     I need a program that...     I Need a Programmer for Freelance Work     Throw Down The Gauntlet General Discussions     General Questions     Feedback     Tutorial/Article Suggestions for The Learning Cent     Internet Security Other Programming Languages     Javascript     PHP

Search this forum this category all forums for All words Any words Whole Phrase (options)

Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives