CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Advanced:
Perl Security

 



edesign
Deleted

Jun 15, 2000, 3:42 PM

Post #1 of 4 (1248 views)
Perl Security Can't Post

Hello! My name is Daniel and I have a question about the security of a perl script system I am using. Currently, when users create an account on my site, the script creates a txt file with all of their information. Is that safe? And if not, how else could I do it? Thanks!

-Daniel


TheGame+
Deleted

Jun 16, 2000, 3:04 AM

Post #2 of 4 (1248 views)
Re: Perl Security [In reply to] Can't Post

A couple of questions you might want to think about :
1. are you using file locking to prevent the file from being corrupted if two people sign up at the same time ?
2. are you making sure people can't input data that might corrupt the text file (e.g. with newlines) ?
3. is your text file located outside the web root of your server, or at least not readable from the web ?
4. do you take regular back-ups of your text file ?
5. do you have an administration tool for managing your user accounts, and is it secure ?
6. do you store credit card information, and if so, did you follow the rules of your merchant account (if any) in terms of security, encryption etc. ?
7. do other people have access to your server, and if so, what have you done to protect the privacy of your users ?

And some other considerations, depending on what this is used for : should people only be able to register from your site, how do you prevent double entries (accidental or not), etc.


edesign
Deleted

Jun 18, 2000, 4:43 PM

Post #3 of 4 (1248 views)
Re: Perl Security [In reply to] Can't Post

Sorry about the double post Jasmine... although, I didn't do it. Just to clear things up Smile

-Daniel

[This message has been edited by edesign (edited 06-18-2000).]


errr
Deleted

Jul 5, 2000, 7:53 PM

Post #4 of 4 (1248 views)
Re: Perl Security [In reply to] Can't Post

On the grounds that you're asking such a vague and clueless question, the answer is this:
anything _you_ write is insecure and a liability to the system.

read the security faq at http://www.perl.com/pub/doc/FAQs/cgi/www-security-faq.html

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives