Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

(dws)Re: use PerlScript && die;

by dws (Chancellor)
on Sep 04, 2001 at 21:22 UTC ( #110094=note: print w/replies, xml ) Need Help??

in reply to use PerlScript && die;

PerlScript's default security being set to "local" zones is ok surely? NO! It's not ok. Imagine being sent an email with an attachment - it's a .html. It got through your virus scanners because they can't scan for malicious perl code and it looks just like a regular html page. It's stored locally on your hard disk before you open it in Outlook Express. You open it and BANG!

"Doctor, it hurts when I use Outlook Express!"

Seriously, though, you raise a few good points. But as with many things in life, this is a trade-off. PerlScript enables wonderful things like ActiveState's Win32::OLE Type Library Browser. And, for those who're motivated to do so, it allows the browser to be used as a very limited UI platform.

Trade this off against the probability of being attacked. Your average script-kiddie is unlikely to bother with a PerlScript-based attack, because percentages are so low. Unless they're targeting a Perl mailing list, the chance of getting hits based on a broadcast spam attack are pretty slim. I have PerlScript installed on my box at work. My work email address is generally unknown, and isn't on any mailing lists. I have no fear of attack there (except, perhaps, from my coworkers. But they phear me :-)

Replies are listed 'Best First'.
Re: (dws)Re: use PerlScript && die;
by $code or die (Deacon) on Sep 04, 2001 at 22:38 UTC
    Yep, the Win32::OLE browser is nice. I compiled ActivePerl 629 source last week and it broke my OLE browser. I miss it and am contemplating re-installing from the MSI. Or I might just rewrite the OLE browser in Tk or Win32::GUI. If I do, I'll post it here.

    I also notice that the ActivePerl source doesn't have the other nice things like ppm or the html docs. But mine worked because I compiled it on top of build 628.

    I agree that the average script kiddie is unlikely to use PerlScript, but I think it's only a matter of time. It's just so easy to get into someone's system without them realising it.

    Error: Keyboard not attached. Press F1 to continue.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://110094]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (2)
As of 2022-08-09 19:27 GMT
Find Nodes?
    Voting Booth?

    No recent polls found