// Internet Duct Tape

Safe Scripting in Perl — don’t trust the user

Posted in Links, Perl, Technology by engtech on May 06, 2006

This covers some interesting thoughts about using Perl from a security perspective where you don't trust the user.

  • Use taint to make sure that tainted variables (that came from user input or environment variables) never make it into system/exec calls.
  • When using an optimized regular expression, use the /Q /E metacharacter to prevent an eval statement from running arbitrary code.
  • Tips and techniques for running a script as a specific user instead of "nobody".

WWW Security FAQ: Safe Scripting in Perl

Comments Off on Safe Scripting in Perl — don’t trust the user

%d bloggers like this: