
Re: [MacPerl] Dangerous cgi-script



>At 9.23 7/10/97, Claes Bjorklund wrote:
>>Is this cgi script dangerous?
>
>>$math = $FORM{'calc'};
>>$res=eval "$math";
>
>Yes.  Now, it is not as dangerous as it is on a UNIX box, but it is still
>dangerous.  Any Perl statement can be executed by the web user.
>
>Imagine the calculation was something like this, but only more damaging:
>
>        MacPerl::Answer('Erase System Folder?', 'OK')
>
[...]
Hi

How do I do a script which is safe? I understand I must do some check of the
input. Please help me, I am a beginner.

Regards

\Claes

--------------------------------------------------
Claes Björklund         http://www.canit.se/~claes
claes@canit.se          finger claes@uno.canit.se
--------------------------------------------------
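
One way to do the input check asked about above, as an added example that is not part of the original thread: instead of passing the form value to a string eval, a small parser accepts only decimal numbers, + - * /, unary minus and parentheses, and rejects everything else. The sub names (safe_calc, factor, term, expr) and the 80-character limit are assumptions made for this illustration.

```perl
use strict;
use warnings;
my @tok;    # token queue shared by the parser subs below

sub factor {    # factor := NUMBER | '-' factor | '(' expr ')'
    defined(my $t = shift @tok) or die "syntax\n";
    return 0 - factor() if $t eq '-';
    return $t + 0 if $t =~ /^[0-9]/;
    die "syntax\n" unless $t eq '(';
    my $v = expr();
    die "syntax\n" unless @tok && shift(@tok) eq ')';
    return $v;
}

sub term {      # term := factor (('*' | '/') factor)*
    my $v = factor();
    while (@tok && ($tok[0] eq '*' || $tok[0] eq '/')) {
        my $op = shift @tok;
        my $r  = factor();
        die "division by zero\n" if $op eq '/' && $r == 0;
        $v = $op eq '*' ? $v * $r : $v / $r;
    }
    return $v;
}

sub expr {      # expr := term (('+' | '-') term)*
    my $v = term();
    while (@tok && ($tok[0] eq '+' || $tok[0] eq '-')) {
        $v = shift(@tok) eq '+' ? $v + term() : $v - term();
    }
    return $v;
}

# Returns the number, or undef when the input is not plain arithmetic.
sub safe_calc {
    my ($input) = @_;
    return undef unless defined $input && length($input) <= 80;
    # Keep only known tokens; if anything else was present, the rejoined
    # tokens no longer equal the whitespace-stripped input and we refuse it.
    @tok = $input =~ /([0-9]+(?:\.[0-9]+)?|[-+*\/()])/g;
    (my $compact = $input) =~ s/\s+//g;
    return undef unless @tok && join('', @tok) eq $compact;
    # eval BLOCK only traps die(); it never compiles $input as Perl code.
    return eval { my $v = expr(); die "syntax\n" if @tok; $v };
}

# Constructed inputs; the last is the statement quoted in the thread.
for my $in ('2 + 3 * (4 - 1)', '1 / 0', q{MacPerl::Answer('Erase System Folder?', 'OK')}) {
    my $r = safe_calc($in);
    print "$in => ", (defined $r ? $r : 'rejected'), "\n";
}
```

In the CGI script the eval line would become `$res = safe_calc($FORM{'calc'});`, with an error message returned to the user when the result is undef.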


