robert.waters
Hi,
I need to be able to input text into an html form that is submitted to
my perl cgi script (using CGI.pm), and subsequently written to a
database (using DBI, mysql). The script will be secured using access
permissions, but 'just in case', I would like to know what security
issues I need to be alert for as far as cgi input sanitization is
concerned.
My problem is, I need to be able to input *any* text to the cgi script
(for all intents and purposes, I'll call the page a 'blog', and the
form+cgi+db serves to allow me to post new content from the web), so
filtering seems moot.
Should I have urlencoded data entered into the database (and urldecoded
before it is written out to the result page)? Do I even need to worry?
I've done as much research as I can (google, perldocs, cgi faqs) but I
am at a stand-still.
example query:
"INSERT INTO (field) VALUES ($cgiobj->param('cgi-parameter'))"; where
'field' is varchar and parameter should be able to include any text.
This issue is absolutely stopping the development of my website right
now.
Thank you in advance!
-Robert
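An added example (not the poster's code) of the safe form of the insert described in the question: the text is passed to DBI as a bound placeholder value rather than interpolated into the SQL string, and it is escaped for HTML only at output time. The table name `posts`, column `body`, DSN and credentials are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the poster's script. Assumed names: table "posts",
# column "body"; the DSN and credentials below are placeholders.
use strict;
use warnings;
use CGI;
use DBI;

my $q    = CGI->new;
my $body = $q->param('body');    # arbitrary text typed into the form
defined $body or die "missing 'body' parameter\n";

my $dbh = DBI->connect(
    'DBI:mysql:database=blog;host=localhost',    # assumed DSN
    'blog_user', 'CHANGE_ME',                    # placeholder credentials
    { RaiseError => 1, AutoCommit => 1 },
);

# UNSAFE (the pattern in the question): interpolating the parameter makes
# the user's text part of the SQL, so a quote in the post changes the
# statement instead of being stored as data.
#   $dbh->do("INSERT INTO posts (body) VALUES ('$body')");

# SAFE: a placeholder binds the text as a value; the driver quotes it, so
# the post may contain quotes, semicolons, or any other characters.
my $sth = $dbh->prepare('INSERT INTO posts (body) VALUES (?)');
$sth->execute($body);

# Output is a separate boundary. Store the raw text and escape it for HTML
# at the point of display, so a post containing "<script>" is shown
# literally rather than interpreted by the browser. URL-encoding before
# storage is unnecessary and would only complicate searches and reports.
print $q->header(-charset => 'UTF-8');
print "<html><body><pre>", $q->escapeHTML($body), "</pre></body></html>\n";

$dbh->disconnect;
```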