How to prevent XSS attacks?

Discussion in 'Perl Misc' started by rthangam, Feb 10, 2009.

  1. rthangam

    rthangam Guest

    rthangam, Feb 10, 2009
    #1

  2. rthangam

    Tim Greer Guest

    rthangam wrote:

    > I have my own website which runs on mod_perl. I need to prevent my
    > website from XSS (cross-site scripting) attacks. Can anyone tell me
    > which is the best way of doing it? I found the following links to
    > handle it:
    >
    > http://www.howtoforge.com/apache_mod_security
    >
    > http://search.cpan.org/~lindner/Apache-TaintRequest-0.10/TaintRequest.pm
    >
    > Which of these is better? Also, are there any other ways to handle
    > XSS attacks?


    If you don't write code that opens that potential, you needn't worry
    about using things like mod_security. That's just a way to stop
    attacks on vulnerable scripts before they hit the script, which is
    backward thinking for resolving a problem (if you control the script).
    Exactly what things are you doing (and how are you going about doing
    them) where you're introducing the potential for an XSS attack issue?
    --
    Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
    Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
    and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
    Industry's most experienced staff! -- Web Hosting With Muscle!
     
    Tim Greer, Feb 10, 2009
    #2

  3. rthangam

    rthangam Guest

    On Feb 10, 12:33 pm, Tim Greer <> wrote:
    > rthangam wrote:
    > > I have my own website which runs on mod_perl. I need to prevent my
    > > website from XSS (cross-site scripting) attacks. Can anyone tell me
    > > which is the best way of doing it? I found the following links to
    > > handle it:
    > >
    > > http://www.howtoforge.com/apache_mod_security
    > >
    > > http://search.cpan.org/~lindner/Apache-TaintRequest-0.10/TaintRequest.pm
    > >
    > > Which of these is better? Also, are there any other ways to handle
    > > XSS attacks?
    >
    > If you don't write code that opens that potential, you needn't worry
    > about using things like mod_security. That's just a way to stop
    > attacks on vulnerable scripts before they hit the script, which is
    > backward thinking for resolving a problem (if you control the script).
    > Exactly what things are you doing (and how are you going about doing
    > them) where you're introducing the potential for an XSS attack issue?


    Right now it is possible to tamper with the URL since I am not encoding
    and decoding the URL.
    Will the problem get solved if I encode and decode the URL?
     
    rthangam, Feb 13, 2009
    #3
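
Added example, not part of the thread or any poster's code: it illustrates the question in post #3 by showing that URL-decoding a request parameter only recovers whatever markup was sent, and that the fix in the script itself is to encode each value for the context it is written into. The sub names, the `/search` path and the `q` parameter are hypothetical, and the sample parameter value is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters that are significant in HTML text and quoted attribute values.
my %HTML_ESC = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                '"' => '&quot;', "'" => '&#39;');

# Encode a value for output into HTML text or a quoted attribute.
sub escape_html {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/([&<>"'])/$HTML_ESC{$1}/g;
    return $s;
}

# Percent-encode a value for use as a single query-string component.
sub escape_uri_component {
    my ($s) = @_;
    $s = '' unless defined $s;
    utf8::encode($s) if utf8::is_utf8($s);
    $s =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord $1)/ge;
    return $s;
}

# Undo percent-encoding on input, as a query-string parser does.
sub decode_uri_component {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
    return $s;
}

# Constructed sample: the parameter as it arrives in the URL, then decoded.
my $raw_q = '%3Cscript%3Ealert(1)%3C%2Fscript%3E';
my $q     = decode_uri_component($raw_q);

# Unsafe: the decoded value goes straight into the page as markup.
my $unsafe = "<p>Results for $q</p>";

# Safe: HTML-encode for the text node; percent-encode, then HTML-encode,
# for a URL that sits inside an href attribute.
my $safe = sprintf
    '<p>Results for %s</p><a href="/search?q=%s&amp;page=2">next</a>',
    escape_html($q), escape_html(escape_uri_component($q));

print "unsafe: $unsafe\n";
print "safe:   $safe\n";
```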