Safe Scripting in Perl — don’t trust the user
This covers some interesting thoughts about using Perl from a security perspective where you don't trust the user.
- Use taint mode to make sure that tainted variables (those that came from user input or environment variables) never make it into system/exec calls.
- When using an optimized regular expression, use the `\Q` ... `\E` escapes to prevent an eval statement from running arbitrary code.
- Tips and techniques for running a script as a specific user instead of "nobody".
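
The first two tips in practice, as an added example that is not from the original post: a taint-mode script that untaints a username through an allow-list pattern before a list-form `system` call, and matches a user-supplied search string literally with `\Q...\E`. The helper names, the username pattern and the sample log lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example; helper names, the allow-list pattern and sample data are constructed.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run commands until the environment is known-safe.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint by extracting only what an allow-list pattern matches.
# Returns the captured (untainted) value, or undef if the input is rejected.
sub untaint_username {
    my ($raw) = @_;
    return $raw =~ /\A([a-z][a-z0-9_-]{0,31})\z/ ? $1 : undef;
}

# Count lines containing the user's search string as literal text.
# \Q...\E quotes regex metacharacters so the input cannot alter the pattern.
sub count_literal_matches {
    my ($needle, @lines) = @_;
    return scalar grep { /\Q$needle\E/ } @lines;
}

# Command-line arguments are tainted, like any other outside input.
my $input = shift @ARGV;
die "usage: $0 USERNAME\n" unless defined $input;
printf "input tainted: %s\n", tainted($input) ? 'yes' : 'no';

my $user = untaint_username($input);
die "rejected username\n" unless defined $user;
printf "after untaint: %s\n", tainted($user) ? 'yes' : 'no';

# List-form system() bypasses the shell, so no metacharacter is interpreted.
system('/usr/bin/id', '--', $user) == 0
    or warn "id exited with status $?\n";

# Constructed log lines: '.' must match only a literal dot, not any character.
my @log = ('a.b ok', 'axb ok', 'a.b again');
print count_literal_matches('a.b', @log), " literal matches\n";
```

Run it as `perl -T script.pl alice`; Perl refuses to start if `-T` appears on the `#!` line but not on the command line. Without `\Q...\E` the pattern `a.b` would also match `axb ok` and report three matches instead of two.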