PerlMonks  

Re: Checking script for security level

by dws (Chancellor)
on Apr 23, 2001 at 19:41 UTC ( [id://74730]=note )


in reply to Checking script for security level

Security can indeed be tough to assess, though there is one automatic disqualifier that's easy to check: Do the scripts survive taint checking?

Slightly harder, but still doable, is to inspect each file open to verify that any filenames that have been passed in have been correctly de-tainted. (I.e., did the programmer really taint check, or did they do the minimum to make the warning go away?)

The rest is application specific.
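
An added example, not part of the post above: it puts the "minimum to make the warning go away" de-taint next to an allowlist de-taint, so a reviewer can see that both clear the taint flag but only one validates the filename. The sub names, the sample inputs and the allowlist pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T detaint_demo.pl   (the file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample inputs. Appending a zero-length slice of tainted data
# ($0 and $^X are tainted under -T) marks each string as tainted, as if it
# had arrived from a form field or the command line.
my @inputs = map { $_ . substr("$0$^X", 0, 0) }
    ('report.txt', '../../etc/passwd', 'notes.txt; rm -rf .', '.hidden');

# Anti-pattern: the capture clears the taint flag but accepts every string,
# so taint mode stops complaining and nothing has been checked.
sub untaint_blanket {
    my ($name) = @_;
    my ($clean) = $name =~ /\A(.*)\z/s;
    return $clean;
}

# Allowlist: a bare file name of 1 to 64 characters that starts with an
# alphanumeric, with no path separators, whitespace or shell metacharacters.
# Returns the untainted name, or undef when the input does not match.
sub untaint_filename {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

for my $in (@inputs) {
    my $blanket = untaint_blanket($in);
    my $strict  = untaint_filename($in);
    printf "%-24s blanket: %-10s allowlist: %s\n", "'$in'",
        (tainted($blanket) ? 'tainted'  : 'untainted'),
        (defined $strict   ? 'accepted' : 'rejected');
}
```

When auditing, a capture such as `(.*)` or `(.+)` feeding a file open is the pattern to flag: the script passes `-T`, yet every input above comes out "untainted".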
