Taint checking
'perl --help' reveals a lot of options for Perl compiler.
Two of them are:
-t enable tainting warnings
-T enable tainting checks
What is Taint Checking?
Data can be tainted by a malacious user. Often when making CGI scripts, the arguments can be changed, client-side checks by-passed. A good example of SQL maniplulation is illustrated here @ Unixwiz.
I have seen many scripts that simply do what they are supposed but have plenty of loop-holes to be exploited and mis-used. That is where smart programmers who can think like crackers save companies & web-sites from falling into abyss without everknowing that they are sinking!
It pays to glance through your web-logs once in a while and see if any one has been acting funny. My first web-site project was developing LANScan. It was a web-based search engine for LAN's (local networks). I would often see web logs to see what users were inputting for query strings. What was supposed to be a simple english words search engine was also getting regular expressions searches like '*', '*.*', 'english|English' etc. Clearly, users were software engineers who were smart, innovative; those who tried to get the maximum juice out for they efforts. That prompted me to add regular expression search for LANScan. Initially I had seperate input-boxes for regular english word search and one for regular expression search. Now some smarties tried to regular expression in egnlish-word-only box. "Tinker-tinker-tinker till it breaks" was their golden rule perhaps. Ultimately I had one box on site that handled english-words, non-english-words, regular-expressions, badly-formed regular-expression and everything I could think of. Building robust systems is different from just getting the darn thing to work.
Thus, it is important to validate each user-input to ensure script does not perform unexpected operations and keep a regular check on your web-logs. It tells you what your users want and that is important!
Two of them are:
-t enable tainting warnings
-T enable tainting checks
What is Taint Checking?
Data can be tainted by a malacious user. Often when making CGI scripts, the arguments can be changed, client-side checks by-passed. A good example of SQL maniplulation is illustrated here @ Unixwiz.
I have seen many scripts that simply do what they are supposed but have plenty of loop-holes to be exploited and mis-used. That is where smart programmers who can think like crackers save companies & web-sites from falling into abyss without everknowing that they are sinking!
It pays to glance through your web-logs once in a while and see if any one has been acting funny. My first web-site project was developing LANScan. It was a web-based search engine for LAN's (local networks). I would often see web logs to see what users were inputting for query strings. What was supposed to be a simple english words search engine was also getting regular expressions searches like '*', '*.*', 'english|English' etc. Clearly, users were software engineers who were smart, innovative; those who tried to get the maximum juice out for they efforts. That prompted me to add regular expression search for LANScan. Initially I had seperate input-boxes for regular english word search and one for regular expression search. Now some smarties tried to regular expression in egnlish-word-only box. "Tinker-tinker-tinker till it breaks" was their golden rule perhaps. Ultimately I had one box on site that handled english-words, non-english-words, regular-expressions, badly-formed regular-expression and everything I could think of. Building robust systems is different from just getting the darn thing to work.
Thus, it is important to validate each user-input to ensure script does not perform unexpected operations and keep a regular check on your web-logs. It tells you what your users want and that is important!