Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

(dws)Re: use PerlScript && die;

by dws (Chancellor)
on Sep 04, 2001 at 21:22 UTC ( [id://110094]=note: print w/replies, xml ) Need Help??


in reply to use PerlScript && die;

PerlScript's default security being set to "local" zones is ok surely? NO! It's not ok. Imagine being sent an email with an attachment - it's a .html. It got through your virus scanners because they can't scan for malicious perl code and it looks just like a regular html page. It's stored locally on your hard disk before you open it in Outlook Express. You open it and BANG!

"Doctor, it hurts when I use Outlook Express!"

Seriously, though, you raise a few good points. But as with many things in life, this is a trade-off. PerlScript enables wonderful things like ActiveState's Win32::OLE Type Library Browser. And, for those who're motivated to do so, it allows the browser to be used as a very limited UI platform.

Trade this off against the probability of being attacked. Your average script-kiddie is unlikely to bother with a PerlScript-based attack, because percentages are so low. Unless they're targeting a Perl mailing list, the chance of getting hits based on a broadcast spam attack are pretty slim. I have PerlScript installed on my box at work. My work email address is generally unknown, and isn't on any mailing lists. I have no fear of attack there (except, perhaps, from my coworkers. But they phear me :-)

Replies are listed 'Best First'.
Re: (dws)Re: use PerlScript && die;
by $code or die (Deacon) on Sep 04, 2001 at 22:38 UTC
    Yep, the Win32::OLE browser is nice. I compiled ActivePerl 629 source last week and it broke my OLE browser. I miss it and am contemplating re-installing from the MSI. Or I might just rewrite the OLE browser in Tk or Win32::GUI. If I do, I'll post it here.

    I also notice that the ActivePerl source doesn't have the other nice things like ppm or the html docs. But mine worked because I compiled it on top of build 628.

    I agree that the average script kiddie is unlikely to use PerlScript, but I think it's only a matter of time. It's just so easy to get into someone's system without them realising it.

    Error: Keyboard not attached. Press F1 to continue.
[reply]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://110094]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others admiring the Monastery: (5)
As of 2024-04-25 13:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found