Welcome to the Monastery | |
PerlMonks |
Re: 標eb Securityby samtregar (Abbot) |
on Jun 22, 2002 at 19:36 UTC ( [id://176515]=note: print w/replies, xml ) | Need Help?? |
Hhaha, that's a good one. Here's one I found recently that you might like:
Very nice, eh? Add that to the fact that the rest of the application uses environment variables for configuration and security and you've got a gaping security hole. I had to spend at least a half an hour explaining why this wasn't such a good idea in an application that takes credit card data. The worst thing is, the guy that wrote it is generally a good programmer. He'd just gotten into a "not my problem" mindset. Someone asked him to make all CGI params available as environment variables and he just did it! -sam
In Section
Meditations
|
|