Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re: Checking script for security level

by arturo (Vicar)
on Apr 23, 2001 at 17:53 UTC ( [id://74712]=note: print w/replies, xml ) Need Help??


in reply to Checking script for security level

That kind of security is pretty tough to assess. I don't see there being an automated tool for that sort of thing, because assessing the risk level of any method requires an understanding of the technology involved (cookies, URL mangling, etc.) , what kind of clients are going to use it (can people read this from public kiosks, or can you tie them down to a particular (group of) workstations?), and human psychology. A lot also depends on how you're identifying individuals. Can you use cookies AND SSL? If so, you might set a cookie with a session ID and the 'secure' flag set to identify your users. Look up "MD5" on this site for some pointers on generating good session IDs.

As for protecting the security of the files on the server, anything that can't be made to run safely under taint mode (-T) should be avoided.

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://74712]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chanting in the Monastery: (3)
As of 2024-04-25 23:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found