CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
Search Posts SEARCH
Who's Online WHO'S
Log in LOG

Home: Perl Programming Help: Beginner:
Security script



Jan 7, 2001, 3:52 PM

Post #1 of 2 (431 views)
Security script Can't Post


I have gone through the vast information written on script security. Wow!

I have a script that works very like this forum. It accepts text in textboxes and then allows it to be displayed to everyone. In addition, it accepts email addresses and allows an email to be sent to that address e.g a password reminder.

Does anyone have an all inclusive script code that filters what a user submits and amends/rejects it as a result of illegal content like open(), pipes etc. (this script would probably be long but would be worth it to protect a web server).

Many thanks,



Jan 7, 2001, 7:20 PM

Post #2 of 2 (425 views)
Re: Security script [In reply to] Can't Post

Well the user hopefully isn't going to be able to post code that will be executed. And depending on your file database you'll want to parse out things. (I assume your useing pipes)

Here is usually how I do it:

$message = &RemoveBad($message);

sub RemoveBad {
my $text = shift;
$text =~ s/\|/\& #124/sg; # remove pipes & space!
$text =~ s/</& lt;/g; # parse out HTML (remove space)
$text =~ s/>/& gt;/g; # remove space!
$text =~ s/\n/< br>/sg; #remove space!
$text =~ s/\n\n/<p>/sg;
$text =~ s/\r//sg;
$text =~ s/\n\r\n/<p>/sg;
return $text;

for increased security you might want to check out -wT swictches and use strict; module.



Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives