CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner:
Security script

 



waherne
Novice

Jan 7, 2001, 3:52 PM

Post #1 of 2 (431 views)
Security script Can't Post

Hi,

I have gone through the vast information written on script security. Wow!

I have a script that works very like this forum. It accepts text in textboxes and then allows it to be displayed to everyone. In addition, it accepts email addresses and allows an email to be sent to that address e.g a password reminder.

Does anyone have an all inclusive script code that filters what a user submits and amends/rejects it as a result of illegal content like open(), pipes etc. (this script would probably be long but would be worth it to protect a web server).

Many thanks,

Willie





zanardi
journeyman

Jan 7, 2001, 7:20 PM

Post #2 of 2 (425 views)
Re: Security script [In reply to] Can't Post

Well the user hopefully isn't going to be able to post code that will be executed. And depending on your file database you'll want to parse out things. (I assume your useing pipes)

Here is usually how I do it:

$message = &RemoveBad($message);

sub RemoveBad {
my $text = shift;
$text =~ s/\|/\& #124/sg; # remove pipes & space!
$text =~ s/</& lt;/g; # parse out HTML (remove space)
$text =~ s/>/& gt;/g; # remove space!
$text =~ s/\n/< br>/sg; #remove space!
$text =~ s/\n\n/<p>/sg;
$text =~ s/\r//sg;
$text =~ s/\n\r\n/<p>/sg;
return $text;
}

for increased security you might want to check out -wT swictches and use strict; module.

My BBS

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives