More on Form Security
Peter Murray
pem at po.cwru.edu
Sun Jan 11 18:28:18 EST 1998
One place to find information and tips on CGI security is the "WWW Security
FAQ". It can be found at:
http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.html
Peter
--On Tue, Jan 6, 1998 11:49 AM -0800 "Elizabeth H. Hamilton"
<hamilte at one.net> wrote:
> I think I found the answer to my first question. The form I spoke of in my
> earlier post "Form Security" would not be secure because what would keep a
> user from using another form to call my script!? In their form, they could
> "hardcode" metachracters into the place where I would have put the email
> addresses!
>
> Apparently the only secure route is to check all input on that field
> for metacharacters. Let me dust off my Perl regexes and get to work!
>
> Back to the drawing board! ;-)
>
> Thanks again!
>
> Liz
>
> ------------------
> Elizabeth Hamilton,
> Web Developer
> hamilte at one.net
> elizabeth.hamilton at uc.edu
--
Peter Murray, Library Systems Manager pem at po.cwru.edu
Digital Media Services http://www.cwru.edu/home/pem.html
Case Western Reserve University, Cleveland, Ohio W:216-368-5888
More information about the Web4lib
mailing list