Re^5: Beginner Recommendations

by harangzsolt33 (Chaplain)
on Jan 24, 2023 at 15:47 UTC ( [id://11149828]=note )


in reply to Re^4: Beginner Recommendations
in thread Beginner Recommendations

Okay. I have looked at each of those. I guess I am safe from these, because I don't run third-party code. I try to stay away from that as much as possible. If some program is large and I don't have time to review it, I won't execute it. But as far as I am concerned, I don't plan on using a backdoor like putting heredoc at the end of my perl script to try to read someone's memory contents. I try to write useful and safe scripts, not use weird tactics to try to break someone's computer or hack into it. I am not a hacker. But see, that's why YOU should upgrade to a more recent version of Perl. I don't have to. As someone who writes and executes his own code, I don't feel like I am in any danger.

Replies are listed 'Best First'.
Re^6: Beginner Recommendations
by haukex (Archbishop) on Jan 24, 2023 at 15:53 UTC
    As someone who writes and executes his own code, I don't feel like I am in any danger.

    I hope you're not self-hosting your CGI scripts...

      I do host sites which use my perl scripts, yes, but I don't put the value of arguments into system calls or into file open without filtering the incoming characters. Yeah, that would be asking for trouble. I try to stay informed about threats and vulnerabilities that programmers may unintentionally insert into their code. I try to do my part and not write garbage. Lol

        I do host sites which use my perl scripts, yes

        If you are using a perl earlier than 5.18, it is highly likely that your CGI scripts are vulnerable to algorithmic complexity attacks via hash keys, first addressed in the hash overhaul in 5.18.

        (I was then, and am still now, a member of the Perl security team. At the time I was working for a company with responsibility for the safekeeping of 100s of millions of credit card numbers and associated personal data, and the main bug report leading to that hash overhaul was the single scariest issue I dealt with in my career.)
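
An added example, not part of the thread or any poster's code: a Perl check for the condition the reply above describes (an interpreter older than 5.18), extended to two environment variables documented in perlrun, `PERL_HASH_SEED` and `PERL_PERTURB_KEYS`, that reduce hash randomization on newer perls. The function name `audit_hash_hardening` and the first sample case are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: takes a numeric perl version in $] form (e.g. 5.016003)
# and a reference to an environment hash. Returns a list of findings; an
# empty list means nothing was flagged.
sub audit_hash_hardening {
    my ($perl_version, $env) = @_;
    my @findings;

    # The hash overhaul mentioned in the thread shipped in perl 5.18.
    push @findings, sprintf('perl %s predates the 5.18 hash overhaul', $perl_version)
        if $perl_version < 5.018;

    # PERL_HASH_SEED overrides the randomly chosen seed of the internal hash
    # function, so every process started with it hashes keys identically.
    push @findings, 'PERL_HASH_SEED is set: hash seed is fixed, not random per process'
        if defined $env->{PERL_HASH_SEED};

    # PERL_PERTURB_KEYS (5.18+): 0/NO turns key-order perturbation off,
    # 2/DETERMINISTIC makes it repeatable for a given seed.
    my $perturb = $env->{PERL_PERTURB_KEYS};
    push @findings, "PERL_PERTURB_KEYS=$perturb: key traversal order is not randomized"
        if defined $perturb && $perturb =~ /\A(?:0|NO|2|DETERMINISTIC)\z/i;

    return @findings;
}

# First case is constructed sample input; second audits the running perl.
my @cases = (
    [ 'constructed: perl 5.16.3 with a pinned seed', 5.016003, { PERL_HASH_SEED => '0' } ],
    [ 'this interpreter and environment',            $],       \%ENV ],
);

for my $case (@cases) {
    my ($label, $version, $env) = @$case;
    my @findings = audit_hash_hardening($version, $env);
    print "$label\n";
    print "  WARN: $_\n" for @findings;
    print "  OK: nothing flagged\n" unless @findings;
}
```

For a CGI deployment, run it with the same perl binary and environment the web server uses, since those can differ from an interactive shell.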

Re^6: Beginner Recommendations
by marto (Cardinal) on Jan 24, 2023 at 15:53 UTC