Hello Mac Perl Fans

There were some postings from people who had trouble with CGI scripts. The whole thing gets really weird if you also use taint checks. You should do that if you write CGI scripts, but unfortunately MacPerl then does not find its libraries any more, especially not CGI.pm.

I have written a small example script: a calculator. You can type in 3*(7-2) and get back the result. The script uses the eval function, so complex arithmetic expressions are possible, but a hacker could use the eval function. So input checking is essential, and the taint check tests that we have made no silly mistakes.

You can test the following script offline (without a web server):

1) Open it with MacPerl.
2) Check "Taint Check" in the Script menu. Also check "Warnings" if you have not already.
3) Run the script. You should see the following message in the MacPerl window:
   (offline mode: enter name=value pairs on standard input)
4) Type in the parameters. In this example, we have one parameter named calc:
   calc=4*5
   Note: CGI.pm converts the + in offline mode to a space, so calc=2+2 does not work offline, but it works online.
5) Type CTRL-D to tell MacPerl that input is finished. MacPerl will output HTML code.
6) Copy and paste the HTML code and check it with a browser.

And now the script:

#!perl -wT
#----------------------------------------------------------------
# calc.pl - simple calculator
#           with high security
#           using taint check on Mac

# If you do CGI, you should turn Taint Check on
# (MacPerl: Script Menu)

# Unfortunately we need the following lines on MacPerl
# you also need at least MacPerl 5.16
BEGIN {
    my $f = $ENV{MACPERL};
    $f =~ /^(.+)$/;      # the capture untaints the path
    unshift @INC, "${1}lib:$MacPerl::Architecture:", "${1}lib:";
    # uncomment next line if you can not include CGI.pm
    # print @INC, "\n";
}
#--------------------
# now the real stuff:
use CGI qw(:standard);   # load CGI module
print header;            # generates Content-type...
print start_html('Simple Calculator'),
      h1("Calculator");  # headline
print start_form, "calculate: ", textfield('calc'), submit, endform, hr, "\n";

if( param() )            # if not first time called
{                        # then we also print result
    my $userinput = param('calc');
    # now check if user has not put in bad chars
    # otherwise the user could type in something like
    # "unlink('::Systemfolder:Finder');"
    if( defined $userinput && $userinput =~ /^([0-9+*\/\-\(\) ]+)$/ )
    {
        my $tocalc = $1;              # $1 is all in parens of regex above
        my $result = eval($tocalc);   # use perl to compute the result
        if( defined $result )
        {
            print "The result of $tocalc is $result";
        }
        else                          # eval failed, e.g. on "(" or "1/0"
        {
            print "could not calculate $tocalc";
        }
    }
    else
    {
        print "please put in only numbers and operators.";
    }
}
print end_html;          # standard HTML End

------------------------- End of Script

If you can read German, you can see the Unix version of this script in action and also get more info about internet and Mac security at my website: http://meier-online.com/develop/safety

regards
Karsten Meier

---------------------------------------------------------------------
Karsten Meier
WWW: http://meier-online.com with following highlights:
* German MacPerl Primer
* XTensions for use with QuarkXPress
EMail krstnmr@ibm.net
Unsolicited and/or commercial email is not permitted at this address.
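
An added example, not part of the original post: the same calculator input (digits, + - * / and parentheses) evaluated by a small recursive-descent parser instead of string eval, so the whitelist is no longer the only barrier between user input and the Perl interpreter. The names safe_calc, expr, term and factor and the sample inputs are constructed for illustration.

```perl
use strict; use warnings;
# Grammar: expr := term (('+'|'-') term)*    term := factor (('*'|'/') factor)*
#          factor := NUMBER | '-' factor | '(' expr ')'
my @tok;    # tokens still to be consumed

sub factor {
    my $t = shift @tok;
    die "unexpected end of input\n" unless defined $t;
    return $t + 0    if $t =~ /^[0-9]+$/;
    return -factor() if $t eq '-';
    die "unexpected '$t'\n" unless $t eq '(';
    my $v = expr();
    die "missing ')'\n" unless (shift(@tok) // '') eq ')';
    return $v;
}

sub term {
    my $v = factor();
    while (@tok && $tok[0] =~ /^[*\/]$/) {
        my $op = shift @tok;
        my $r  = factor();
        die "division by zero\n" if $op eq '/' && $r == 0;
        $v = $op eq '*' ? $v * $r : $v / $r;
    }
    return $v;
}

sub expr {
    my $v = term();
    while (@tok && $tok[0] =~ /^[-+]$/) {
        my $op = shift @tok;
        $v = $op eq '+' ? $v + term() : $v - term();
    }
    return $v;
}

# Returns (value, undef) or (undef, reason). The block eval below only
# traps die; the input itself is never compiled or run as Perl code.
sub safe_calc {
    my ($in) = @_;
    return (undef, "only numbers and operators allowed")
        unless defined $in && $in =~ m{\A[0-9+*/\-() ]+\z};
    @tok = $in =~ m{([0-9]+|[-+*/()])}g;
    my $v = eval { my $r = expr(); die "unexpected '$tok[0]'\n" if @tok; $r };
    chomp(my $err = $@);
    return defined $v ? ($v, undef) : (undef, $err);
}

for my $in ('3*(7-2)', '2+2', '(', '1/0', "unlink('x')") {   # constructed inputs
    my ($v, $err) = safe_calc($in);
    print "$in => ", (defined $v ? $v : "rejected: $err"), "\n";
}
```

In a CGI script, safe_calc(param('calc')) would take the place of the regex check and the eval call, with the returned reason shown to the user when the value is undef.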