We don't bite newbies here... much | |
PerlMonks |
Re: Security bug in CGI::Lite::escape_dangerous_chars()by Ovid (Cardinal) |
on Feb 11, 2003 at 22:26 UTC ( [id://234542]=note: print w/replies, xml ) | Need Help?? |
Not having used CGI::Lite before, I never noticed that function, but I have to admit that I'm a bit puzzled. It seems to me that an experienced programmer should have noticed something named escape_dangerous_characters() before this. Trying to eliminate the dangerous is far more difficult than simply allowing the safe. Allow for too few "safe" characters, you restrict your functionality; allow for too few "dangerous" characters and you restrict your paychecks. Cheers, New address of my CGI Course.
In Section
Perl News
|
|