Web form CGI, Security?

Discussion in 'Perl Misc' started by one man army, Oct 26, 2005.

  1. one man army

    one man army Guest

    I would like to generate a few simple web forms. Is the Perl CGI, and a
    cgi-enabled directory, a huge security hole?

    I read the lines that say to disable upload, and limit the size of a
    POST.

    I'm asking my host to install CGI, although I know he is security
    conscious.

    thanks for your informed opinions
    one man army, Oct 26, 2005
    #1

  2. one man army wrote:
    > I would like to generate a few simple web forms. Is the Perl CGI, and a
    > cgi-enabled directory, a huge security hole?


    Together with clueless programmers: Yes.

    > I read the lines that say to disable upload, and limit the size of a
    > POST.
    >
    > I'm asking my host to install CGI, although I know he is security
    > conscious.


    Then convince them that you aren't clueless ('cause you aren't, are you?).

    To be safe, you can for instance study
    http://www.w3.org/Security/Faq/www-security-faq.html

    --
    Gunnar Hjalmarsson
    Email: http://www.gunnar.cc/cgi-bin/contact.pl
    Gunnar Hjalmarsson, Oct 26, 2005
    #2

  3. one man army

    Guest

    one man army <> wrote:
    > I would like to generate a few simple web forms. Is the Perl CGI, and a
    > cgi-enabled directory, a huge security hole?


    If you have to ask if it is a security hole, then in your hands it will
    be a security hole. Read the CGI security FAQs on the web, and perldoc
    perlsec.

    >
    > I read the lines that say to disable upload,


    If you don't need uploads, sure. If you do need upload, then you probably
    shouldn't disable it.

    > and limit the size of a
    > POST.


    A good idea if there is a clear limit to how big a legitimate post
    can be.

    >
    > I'm asking my host to install CGI, although I know he is security
    > conscious.


    In that case, he should be able to provide you with much more
    custom-tailored advice than we can.

    Xho

    --
    -------------------- http://NewsReader.Com/ --------------------
    Usenet Newsgroup Service $9.95/Month 30GB
    , Oct 26, 2005
    #3
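
The settings discussed in this thread (disabling uploads, capping POST size, and the taint mode covered in perldoc perlsec), put together in one small form handler. This is an added example, not code from any of the posters; the field names `name` and `email`, the 10 KB limit and the validation patterns are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI ();

# Set limits before the CGI object is created, or they have no effect.
$CGI::POST_MAX        = 10 * 1024;  # assumed ceiling: 10 KB is plenty for a short form
$CGI::DISABLE_UPLOADS = 1;          # this form has no file field

# Taint mode (-T): do not trust the environment inherited from the web server.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $q = CGI->new;

# CGI.pm reports an oversized POST through cgi_error().
if (my $err = $q->cgi_error) {
    print $q->header(-status => $err, -type => 'text/plain'), "Request rejected\n";
    exit 0;
}

# Allowlist validation; a regex capture is also how taint mode untaints a value.
sub clean_field {
    my ($value, $pattern) = @_;
    return unless defined $value;
    return $value =~ /\A($pattern)\z/ ? $1 : undef;
}

# scalar() forces a single value even if the parameter is sent more than once.
my $name  = clean_field(scalar $q->param('name'),  qr/[A-Za-z][A-Za-z .'-]{0,63}/);
my $email = clean_field(scalar $q->param('email'), qr/[\w.+-]{1,64}\@[\w-]+(?:\.[\w-]+)+/);

unless (defined $name && defined $email) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain'),
          "Invalid input\n";
    exit 0;
}

# Escape on output so submitted text cannot inject markup into the page.
print $q->header(-type => 'text/html', -charset => 'utf-8'),
      '<p>Thanks, ', $q->escapeHTML($name), ' (', $q->escapeHTML($email), ')</p>', "\n";
```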