PerlMonks  

Re: •Re: anti leech CGI

by zigdon (Deacon)
on Oct 30, 2002 at 13:24 UTC


in reply to •Re: anti leech CGI
in thread anti leech CGI

While true that reinventing the wheel is a bad idea, wouldn't this work ok if it were just IP based?:

    my $remote = $ENV{REMOTE_ADDR};
    return(0) unless grep /$remote/, @$hosts;

BTW, wouldn't taint have caught this? He's trusting user supplied data (DNS name) in an unsafe way.

Update: See merlyn's reply on how to do this right.

-- Dan

Replies are listed 'Best First'.
•Re: Re: •Re: anti leech CGI
by merlyn (Sage) on Oct 30, 2002 at 15:41 UTC
    > my $remote = $ENV{REMOTE_ADDR}; return(0) unless grep /$remote/, @$hosts;

    No, because the point is that you're using a regex where you want an exact match, and it's not anchored either!

    This is better:

        my $remote = $ENV{REMOTE_ADDR};
        return 0 unless grep $remote eq $_, @$hosts;

    > wouldn't taint have caught this? He's trusting user supplied data (DNS name) in an unsafe way.

    No, because simply doing a regex match isn't considered "external" enough for tainted data to abort it.

    -- Randal L. Schwartz, Perl hacker
    Be sure to read my standard disclaimer if this is a reply.
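
The difference between the two checks in this thread, as an added example (not code from either post): the allow-list and client addresses are constructed from documentation ranges, and the helper names allowed_regex, allowed_exact and allowed_anchored are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed allow-list (documentation address ranges), not from the thread.
my $hosts = [ '192.0.2.10', '198.51.100.25', '203.0.113.7' ];

# The check as first posted: the client address becomes an unanchored regex
# that is matched against each allowed entry. Every "." matches any character
# and the pattern may match anywhere inside the entry.
sub allowed_regex {
    my ($remote) = @_;
    return scalar grep { /$remote/ } @$hosts;
}

# The corrected check from the reply: exact string comparison.
sub allowed_exact {
    my ($remote) = @_;
    return scalar grep { $remote eq $_ } @$hosts;
}

# If a regex is used anyway, it has to be anchored at both ends and the
# address quoted with \Q...\E so that "." is literal. Behaves like eq.
sub allowed_anchored {
    my ($remote) = @_;
    return scalar grep { /\A\Q$remote\E\z/ } @$hosts;
}

# Constructed client addresses. Only the first one is on the allow-list.
my @clients = (
    '192.0.2.10',   # listed entry
    '192.0.2.1',    # prefix of 192.0.2.10
    '92.0.2.1',     # substring of 192.0.2.10
    '3.0.1.3',      # fits 203.0.113.7 only because "." is a wildcard
    '192.0.2.99',   # unrelated address
);

printf "%-12s %-6s %-6s %-8s\n", 'client', 'regex', 'exact', 'anchored';
for my $remote (@clients) {
    printf "%-12s %-6s %-6s %-8s\n", $remote,
        map { $_->($remote) ? 'allow' : 'deny' }
            \&allowed_regex, \&allowed_exact, \&allowed_anchored;
}
```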
