PerlMonks  

Re: getting a cgi script working

by ivory (Pilgrim)
on Jul 29, 2000 at 00:54 UTC ( [id://25013]=note )


in reply to getting a cgi script working

Check out a neat online CGI course at http://www.cgi101.com/class/. It's pretty easy to understand and free :) Plus, the author kindly gives lots of examples and explanations that will probably be very helpful for ya. --Ivory

Replies are listed 'Best First'.
(Ovid) RE(2): getting a cgi script working
by Ovid (Cardinal) on Jul 29, 2000 at 01:22 UTC
    ivory: my sincerest apologies for contradicting you, but I would recommend someone NOT use this online course.
    1. Does not explain taint checking until chapter 16 (and then has subtle errors in her regex and her "manpage" lister won't list all manpages). Taint checking also appears to be the extent of her security knowledge.
    2. Her "taint checking" example also has a glaring security hole. If the form value doesn't pass her taint checking, she prints it back out to the browser. That could allow a hacker to exploit cross-site scripting vulnerabilities with JavaScript and to do redirects to other sites.
    3. She doesn't use the -w switch, strict, or CGI.pm. Leaving any of those three off is going to cause the Web developer to waste a lot of time debugging things that they'd catch instantly with those three.
    Cheers,
    Ovid
      Hmmm...no problem. I must admit that I neither read the course nor the original post as thoroughly as I should have. Figured a free course might help... :)

      Thanks for pointing out some problems with the course...but the basics are there, right?

      --Ivory

      I've just taken a closer look at this course and would like to add another problem to Ovid's list.

      The CGI parameter parsing routine contains the same bug that I have been banging on about on numerous nodes here. In short, it breaks when given a CGI query string that looks like:

      key1=val1&key2=val2a&key2=val2b

      According to the CGI specs, this is completely valid and both values for the key 'key2' need to be accounted for. The code given in the CGI101 course overwrites the first value with the second.

      Looks like this course should be avoided.

      --
      <http://www.dave.org.uk>

      European Perl Conference - Sept 22/24 2000, ICA, London
      <http://www.yapc.org/Europe/>
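
The repeated-key problem described in the last reply, as an added example that is not part of the thread and is not the CGI101 course's code: a parser that overwrites on a repeated key, beside one that keeps every value. The function names are hypothetical and the input is the query string quoted in that reply.

```perl
#!/usr/bin/perl -w
use strict;

# Constructed sample input: the query string quoted in the reply above.
my $query = 'key1=val1&key2=val2a&key2=val2b';

# Decode one application/x-www-form-urlencoded component.
sub url_decode {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Overwriting parser: a plain hash assignment keeps only the last value
# seen for a repeated key, so 'val2a' is silently lost.
sub parse_overwriting {
    my ($qs) = @_;
    my %form;
    for my $pair (split /&/, $qs) {
        next unless length $pair;
        my ($k, $v) = split /=/, $pair, 2;
        $form{ url_decode($k) } = url_decode($v);
    }
    return \%form;
}

# Accumulating parser: every key maps to an array ref holding all of its
# values in arrival order, so no submitted value is dropped.
sub parse_multi {
    my ($qs) = @_;
    my %form;
    for my $pair (split /&/, $qs) {
        next unless length $pair;
        my ($k, $v) = split /=/, $pair, 2;
        push @{ $form{ url_decode($k) } }, url_decode($v);
    }
    return \%form;
}

my $lossy = parse_overwriting($query);
my $full  = parse_multi($query);

print "overwriting:  key2 = $lossy->{key2}\n";
print "accumulating: key2 = @{ $full->{key2} }\n";
```

Code that validates one value of a repeated key while another component uses a different one is checking the wrong input, which is why every value has to be kept and validated. CGI.pm's `param()` returns all values for a key when called in list context.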
