PerlMonks
Re: Preventing injection attacks
by andye (Curate) on Apr 02, 2007 at 15:44 UTC
Hi Win,
Many people think that, rather than checking for particular things that you don't want, it's better to check that the input is what you do want, and only accept it if it is. For example, instead of saying 'don't accept input with dollar symbols in it', you could say 'only accept input consisting solely of alphanumeric characters and whitespace'. The logic behind this is that, if you try to check for all the possible things that could cause trouble, you're bound to miss some out, perhaps because a particular security problem is only discovered after you write your code - in that situation, there's no way you could have known about it. There are a couple of tools in Perl that can help with this:
I can see you've just asked in the Chatterbox, "Why didn't people like my last post?", and the answer, as far as I can tell, is that some Monks are getting impatient with you because, when people answer your questions by telling you about online documentation, you're not going away and reading that documentation for yourself. (Personally I'm a 'no such thing as a stupid question' person, but not everyone is). You could also take a look at the tips in this article, The Help Vampire, a Spotter's Guide, and if you think that you might be doing some of the things they talk about (such as asking the same question multiple times, and not using your own initiative to understand the documentation), then there are some very useful tips for you to follow, on that page. This is all meant in the very friendliest spirit, and I hope that it reads in that way. After all, Perlmonks is here to answer questions, so everyone is absolutely entitled to ask them! Which is lucky for me, otherwise I'd have been stuck many times. :) Do get back to me with any queries about the 'taint mode' and 'placeholders' stuff above.
Hope that helps, and best wishes,

(Other relevant nodes: Database access problem, Perl DBI issue)

The tips from the 'help vampire' page are:
Now you know. Stop. Of course, it's not just that easy, or nobody would ever be a Help Vampire at all. Before you ask a question in a community, try to find the answer elsewhere. This way you help yourself by stretching your mind and research abilities, and you learn things more thoroughly too. Plus it's good karma. Always try these avenues first:
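As an added example (not andye's code, and not part of the original post), this is how the whitelist check, taint mode and DBI placeholders mentioned in the reply fit together in Perl. It assumes DBD::SQLite is installed for the in-memory database, and must be started with `perl -T` (or via the shebang) for the taint check to be enforced.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use DBI;

# Whitelist check: accept only letters, digits and whitespace. Under taint
# mode (-T) the captured group is what untaints the value; anything else is
# rejected outright rather than "cleaned up" by stripping bad characters.
sub untaint_name {
    my ($raw) = @_;
    return unless defined $raw;
    if ( $raw =~ /\A([A-Za-z0-9\s]{1,64})\z/ ) {
        return $1;
    }
    return;
}

# Constructed sample inputs: the first is accepted, the others are rejected.
my @samples = ( 'Alice Smith', q{Robert'); DROP TABLE users;--}, 'bad$var' );

# In-memory SQLite database (assumes DBD::SQLite) with one table and one row.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1 } );
$dbh->do('CREATE TABLE users (name TEXT)');
$dbh->do( 'INSERT INTO users (name) VALUES (?)', undef, 'Alice Smith' );

for my $input (@samples) {
    my $name = untaint_name($input);
    if ( !defined $name ) {
        print "rejected: $input\n";
        next;
    }
    # Placeholder: DBI sends the value separately from the SQL text, so the
    # database never parses it as part of the statement.
    my ($count) = $dbh->selectrow_array(
        'SELECT COUNT(*) FROM users WHERE name = ?', undef, $name );
    print "accepted: $name -> $count row(s)\n";
}
```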