Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

(Ovid) Re(2): Preventing DOS attacks with CGI.pm

by Ovid (Cardinal)
on Aug 10, 2001 at 01:47 UTC ( [id://103663]=note: print w/replies, xml ) Need Help??


in reply to Re: Preventing DOS attacks with CGI.pm
in thread Preventing DOS attacks with CGI.pm

Since Lincoln Stein has added these global variables in CGI.pm, he's clearly aware of DOS problems. He has these fairly well documented in his POD, so I also wonder why they're not set. My guess is that he realizes that there is a hole here but he's trying to maintain backwards compatibility.

I understand that one or both of these variables have been removed in CGI.pm versions 3+, so I'm curious how this situation has been addressed. tachyon raised this issue in this post about a security problem with 3.01. Since these globals don't appear to be present, it seems that this code wouldn't work for the newer versions.

Cheers,
Ovid

Vote for paco!

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

Replies are listed 'Best First'.
Re^3: Preventing DOS attacks with CGI.pm
by tadman (Prior) on Aug 10, 2001 at 04:38 UTC
    CGI.pm version 3 is fairly bizarre. CPAN was "kind" enough to install it for me, and everything went to pot quite quickly. It had a tendency to declare the parameters as a non-scalar type CGI::Object. I'm not sure this is going to be a drop in replacement if that approach is taken, so there is no better time to fix all these outstanding issues.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://103663]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (7)
As of 2024-03-28 17:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found