Read perlsec. It's part of the standard perl distribution. Type "perldoc perlsec" at your shell prompt.
| [reply] |
Try Ovid's CGI course. Lesson 3 contains an excellent section on why one shouldn't trust the shell with what the script been (directly) passed, and what damage a malicious user could do.
By the way, it's perl or Perl, not PERL.
-- I'm Not Just Another Perl Hacker
| [reply] |
| [reply] |
I don't have anything on PERL security (not sure if that even exists), but I have an article on Perl (and perl) security at a recent SysAdmin column. I also talk a lot about security in general... you might google my columns for more information.
| [reply] |
Besides perlsec, are there any articles or publications from other sources? Thanks for the help. | [reply] |
| [reply] [d/l] |
And, of course, there's always Google ... | [reply] |