PerlMonks
Re: Checking script for security level
by dws (Chancellor) on Apr 23, 2001 at 19:41 UTC
Security can indeed be tough to assess, though there is one automatic disqualifier that's easy to check: Do the scripts survive taint checking?
Slightly harder, but still doable, is to inspect each file open to verify that any filenames that have been passed in have been correctly de-tainted. (I.e., did the programmer really taint check, or did they do the minimal to make the warning go away?) The rest is application specific.
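
The difference between really de-tainting a filename and only making the warning go away, shown as an added example that is not part of dws's post. The sample file names, the sub names and the allowlist pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the original post.
# Run as: perl -T detaint_demo.pl   (file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Weak: the capture matches any string, so this clears the taint flag
# without checking anything. This is the pattern a reviewer looks for.
sub launder_everything {
    my ($name) = @_;
    my ($clean) = $name =~ /^(.*)$/s;
    return $clean;
}

# Strict: allowlist a bare file name. No slashes, no leading dot or dash,
# no shell or open() metacharacters, bounded length.
sub untaint_file_name {
    my ($name) = @_;
    return unless defined $name;
    my ($clean) = $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return $clean;    # undef when the name is rejected
}

# Zero-length tainted string; appending it marks a constructed sample
# value as tainted, the way real request input would be under -T.
my $taint = substr("$0$^X", 0, 0);

# Constructed sample inputs.
for my $input ('q1-summary.txt', '../other/file', 'name with|pipe') {
    my $name   = $input . $taint;
    my $weak   = launder_everything($name);
    my $strict = untaint_file_name($name);
    printf "%-16s tainted=%d weak=%-8s (still tainted=%d) strict=%s\n",
        $input,
        tainted($name) ? 1 : 0,
        defined $weak ? 'accepted' : 'rejected',
        defined $weak && tainted($weak) ? 1 : 0,
        defined $strict ? 'accepted' : 'rejected';
}
```

Both subs satisfy taint mode, but only the allowlist version rejects the second and third names, which is why surviving `-T` alone does not show that the filenames were validated.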