in reply to CGI security take two
Forms can always be modified. People can create their own 'forms'
by writing scripts with LWP and send you whatever they like.
This can be done with secure servers (if you're meaning HTTPS
protocol here), as well as with normal HTTP servers
The important thing is to keep this in mind when you write your
perlscripts, run all CGI scripts in Taintmode (-T), and carefully
check whatever is sent to the script, validate everything, and
never, NEVER trust your input!
--HolyGrail
|